Skip links

Why You Should Be Upgrading to EMV 3DS2

This month we wanted to talk about EMV 3-D Secure (EMV 3DS), a protocol that uses modern authentication technology to reduce your business’s exposure to fraud and chargebacks, and how to ensure your account is enabled. This information is to ensure you benefit from the advantages EMV 3DS has to offer and remain compliant with new regulations that are coming into force across the e-commerce payments industry.

The Important Part!

The Revised Directive on Payment Services (PSD2) mandates that a form of Strong Customer Authentication (SCA) is performed on all e-commerce transactions initiated by the customer through their browser. To meet these regulations, you will need to ensure EMV 3DS is enabled and active on your Trust Payments account.

Failing to submit transactions without the necessary authentication poses a significant risk to the viability of your online business, as transactions are at greater risk of chargeback and declines from associated banks. This is especially true in the UK, where the ramp-up of SCA deployment started in June of this year has already led to a marked increase in declines from issuing banks.

If you have not already done so, we urge you to implement EMV 3DS on your Trust Payments account ASAP.Click here to get started.

I’m already using 3-D Secure. Do I need to make changes?

The answer depends on your implementation.

  • Merchants using 3-D Secure v1.x will need to migrate to using version 2.x. The importance of this is that version 1.x is in the process of being phased out by the card schemes, meaning you will no longer be fully protected in case of fraud and chargebacks. Click here to learn how to migrate.
  • Those already using 3-D Secure version 2.x don’t need to make any changes.

Some background on 3-D Secure version 1 and version 2

The original 3-D Secure (version 1.x) standard was launched in 2001. It was an important step taken by the banking and e-commerce industry to protect businesses and their customers from fraud. While this was an invaluable tool for securing payments, increasing levels of fraud in digital payments across Europe has necessitated the implementation of more robust measures to keep consumers safe when making purchases online. As a result, Strong Customer Authentication (SCA) has become a vital piece of the EU’s Revised Payment Services Directive (PSD2), which all merchants must adhere to. To meet this directive, merchants must implement EMV 3DS (AKA 3-D Secure version 2.x) for their e-commerce transactions.

How can I tell if I’m using 3-D Secure version 1 or version 2?

What can I do to avoid declines?

  • Authentication using EMV 3DS means a transaction is less likely to be declined by the issuing bank
  • When processing recurring payments/subscriptions, ensure you authenticate on the first transaction of the sequence or when the mandate is set up. Trace IDs (reference data) from this initial secure transaction are then used in subsequent payments, i.e., payment #2 in the sequence onwards. The TRU Connect gateway manages this for you, provided that EMV 3DS authentication took place with the initial transaction, and the subsequent payments are linked back to the parent transaction.
  • Use low-value exemptions. If you are processing many payments under the low-value threshold (€30/£25 or equivalent), you can request exemption from Strong Customer Authentication (SCA). Liability for chargebacks is with you – the merchant – in this case unless an exemption is applied on the issuing side. We are working on automation of this process to help minimise cardholder friction for these lower transaction amounts.

What are Soft Declines, and how must I react to them?

  • Soft declines are returned from card issuers when Strong Customer Authentication (SCA) is required before they can successfully authorise the transaction.

  • If you are using the TRU Connect gateway, these will appear as error code 71000. When returned in the response, affected transactions must be re-submitted with EMV 3DS and a new authorisation request where possible to avoid a hard decline.
  • As a merchant using the API, JavaScript Library or Mobile SDK to connect to our gateway to process your payments, we provide instructions to assist you in implementing the necessary changes. Click here for further information.
  • Please ensure this is implemented by the 15th of October as fines from the card schemes may be applicable after this date.
  • Low-value exemptions run the risk of soft decline if the 5-transaction limit or €100 threshold since the last SCA is exceeded. The only way to achieve successful approval in this situation is to re-submit the payment using EMV 3DS.

If you need further clarification on any of the above, please contact our Support Team on [email protected]

Security statement

Security is our top priority at Trust Payments and we strive to ensure that all data is kept secure at all times We keep all customer data safe with AES256 encryption, SSL Certificates, and a minimum of TLS1.2, between your website and our datacentres.

Our systems are scanned quarterly using the Qualys PCI Platform, an independent Qualified Security Assessor (QSA) and approved vendors – Omnicybersecurity (UK) & Forgenix (US) – to ensure compliance with the security requirements of the card schemes.

We follow a number of rigorous security procedures on a daily basis including, but not limited to, continuous monitoring of our perimeter, dark web monitoring, and internal checks to ensure that CIA triad is maintained at all times.

Keep up with the latest in payments!

Fill the form below to sign up to our mailing newsletter.