This month we wanted to talk about EMV 3-D Secure (EMV 3DS), a protocol that uses modern authentication technology to reduce your business’s exposure to fraud and chargebacks, and how to ensure your account is enabled. This information is to ensure you benefit from the advantages EMV 3DS has to offer and remain compliant with new regulations that are coming into force across the e-commerce payments industry.
The Revised Directive on Payment Services (PSD2) mandates that a form of Strong Customer Authentication (SCA) is performed on all e-commerce transactions initiated by the customer through their browser. To meet these regulations, you will need to ensure EMV 3DS is enabled and active on your Trust Payments account.
Failing to submit transactions without the necessary authentication poses a significant risk to the viability of your online business, as transactions are at greater risk of chargeback and declines from associated banks. This is especially true in the UK, where the ramp-up of SCA deployment started in June of this year has already led to a marked increase in declines from issuing banks.
If you have not already done so, we urge you to implement EMV 3DS on your Trust Payments account ASAP. Click here to get started.
I’m already using 3-D Secure. Do I need to make changes?
The answer depends on your implementation.
- Merchants using 3-D Secure v1.x will need to migrate to using version 2.x. The importance of this is that version 1.x is in the process of being phased out by the card schemes, meaning you will no longer be fully protected in case of fraud and chargebacks. Click here to learn how to migrate.
- Those already using 3-D Secure version 2.x don’t need to make any changes.
Some background on 3-D Secure version 1 and version 2
The original 3-D Secure (version 1.x) standard was launched in 2001. It was an important step taken by the banking and e-commerce industry to protect businesses and their customers from fraud. While this was an invaluable tool for securing payments, increasing levels of fraud in digital payments across Europe has necessitated the implementation of more robust measures to keep consumers safe when making purchases online. As a result, Strong Customer Authentication (SCA) has become a vital piece of the EU’s Revised Payment Services Directive (PSD2), which all merchants must adhere to. To meet this directive, merchants must implement EMV 3DS (AKA 3-D Secure version 2.x) for their e-commerce transactions.
How can I tell if I’m using 3-D Secure version 1 or version 2?
What can I do to avoid declines?
- Authentication using EMV 3DS means a transaction is less likely to be declined by the issuing bank
- When processing recurring payments/subscriptions, ensure you authenticate on the first transaction of the sequence or when the mandate is set up. Trace IDs (reference data) from this initial secure transaction are then used in subsequent payments, i.e., payment #2 in the sequence onwards. The TRU Connect gateway manages this for you, provided that EMV 3DS authentication took place with the initial transaction, and the subsequent payments are linked back to the parent transaction.
- Use low-value exemptions. If you are processing many payments under the low-value threshold (€30/£25 or equivalent), you can request exemption from Strong Customer Authentication (SCA). Liability for chargebacks is with you – the merchant – in this case unless an exemption is applied on the issuing side. We are working on automation of this process to help minimise cardholder friction for these lower transaction amounts.
What are Soft Declines, and how must I react to them?
If you need further clarification on any of the above, please contact our Support Team on [email protected]