3DS2 Explained Part III: The Checkout.com Solution
The clock is ticking on Strong Customer Authentication. Checkout.com recently hosted a seminar on SCA preparedness. Here’s a recap of the regulation and how Checkout.com can get you SCA-ready with our 3DS2 hosted solution and Unified Payments API.
PSD2 requires that SCA be applied for all electronic payments when an issuer and a merchant are both within the European Economic Area (EEA) by September 14th, 2019, unless specific exemptions apply. Checkout.com has rolled out its 3DS2 hosted solution to enable merchants to comply with the new SCA requirements, optimize the cardholder experience, boost conversion and avoid declined payments for non-compliance.
3D Secure 2.0: Checkout.com Hosted Solution
When designing our 3DS 2.0 solution, we wanted to remove complexities for merchants and their customers and provide an easy upgrade path from 3DS 1.0 to 3DS 2.0. We made sure to maintain the same integration experience for both versions of 3D Secure through the use of a middleware called the Interceptor. By doing so, if you had already built support for 3DS 1.0 in the Unified Payments API, there was no additional work required when we released our 3DS 2.0 solution.
Checkout.com’s 3DS 2.0 hosted solution will ensure you comply with PSD2 and will support different SCA factors, improve cardholder user experience, limit fraud through data sharing and transaction risk analysis, and enables the use of exemptions.
With 3DS 2.0, merchants can pass on ten times more data than with 3DS 1.0. While 3DS 1.0 may support SCA, it is not fully adapted to PSD2.
For example, 3DS 1.0 does not:
- Include the possibility of using exemptions
- Use all forms of SCA approaches
In addition to rolling out our 3DS 2.0 solution, we are also enhancing our internal risk procedures to assess and score each transaction in real-time. The score will then be used in the application of Transaction Risk Analysis (TRA) exemptions.
The Exemption Optimization Service is another real-time service that will be included to ensure that a transaction is authenticated if a transaction falls under PSD2, and where applicable, is authenticated using an exemption strategy.
We haven’t stopped there. Checkout.com is already working on the next phase of 3DS 2.0 enhancements called 3DS 2.1.
How SCA will impact your checkout flow.
Unified Payments API: Checkout.com's Integrated Solution
We are committed to helping new and existing merchants integrate our Unified Payments API (UPAPI) solution which comes with all the compliance elements of 3DS2 and SCA. Our Unified Payments API offers a streamlined integration experience giving you access to all supported payment methods via a single payments endpoint and allows you to add new payment methods without re-integration.
When requesting a payment through the Unified Payments API, we will attempt to automatically detect if it falls under the SCA mandated area. If it does, we’ll provide you with a redirection URL that your customer should be sent to. This then brings them to the Interceptor, a piece of middleware that is responsible for identifying if any exemptions can be applied, collects all the necessary information about the cardholder (device information, for example) and trigger the authentication request to the issuer if necessary.
If the frictionless flow is triggered, we immediately request the authorization and send the cardholder straight back to your online store without any further action needed from them. If there is a challenge requested, the Interceptor handles all of the back and forth between the cardholder and issuer on your behalf before again requesting the authorization and sending your cardholder to your online store.
We also have a fallback mechanism. If it isn’t possible to perform a 3D Secure 2.0 authentication, we’ll send the cardholder down the 3D Secure 1.0 route to ensure that authentication takes place regardless. Again, all of this complexity is handled internally by Checkout.com whilst providing a seamless payment experience for your customers.
To meet ever-changing consumer and regulatory demands, businesses require a payment service provider that constantly iterates, adapts and improves upon their solutions. Our Unified Payments API is designed to future-proof your payments, so you spend less time with integrations and more time focusing on your business.
For existing Checkout.com customers, please reach out to your Customer Success Manager to learn more about 3DS 2.0 solutions and transitions, or read our docs.
While the EBA reiterated that all actors, including card schemes, issuers, and merchants, must take the necessary steps to apply or request SCA, the EBA has exceptionally accepted that national competent authorities across Europe may decide to work with PSPs and relevant stakeholders, including consumers and merchants, to provide additional time for SCA compliance.
The local competent authorities may decide to provide limited additional time with an aim to:
- Allow issuers to migrate to SCA compliant authentication approaches
- Allow acquirers to migrate their merchants to solutions that support SCA
In order to achieve consistency across the EU, the EBA will communicate deadlines by which the businesses will have to complete their migration plans later this year.
Due to market pushback and lack of industry readiness, the EBA recognized the challenges for meeting the September deadline and may grant extensions on an “exceptional basis.” However, Checkout.com highly recommends completing your SCA compliance requirements as soon as possible in order to reduce your risk of declined payments.
Written on by