3D Secure Guide PDF


Carding | 3D Secure By Country

• Australia: AusPayNet regulations require merchants above fraud thresholds to apply SCA
by Q4 2019. This applies to merchants with more than AUD 50,000 in fraud losses and a
fraud-to-sales ratio of 0.2% or above for two consecutive quarters. If you exceed the fraud
thresholds, you need to implement 3D Secure 2 by Q4 2019 at the earliest.
• Brazil: In Brazil, all debit card transactions require authentication from the issuing bank.
• Europe: The Revised Payment Services Directive (PSD2) requires European banks to use
strong customer authentication (SCA) for online banking and online payments transactions
within EEA, excluding out-of-scope transactions and exemptions.
• India: In India, banks are required to perform authentication on all domestic ecommerce
transactions.
• Malaysia: In Malaysia, issuing banks may require authentication on their BINs; otherwise,
authorisation rates will be low.

Below are the world’s biggest ecommerce markets with the acceptance rate of 3D Secure
payments.

Below are three countries with mandated authentication and the percentage of payments lost
through 3D Secure.

This study source was downloaded by 100000852633607 from CourseHero.com on 10-23-2022 22:43:45 GMT -05:00

https://www.coursehero.com/file/100629550/3D-Secure-Guidepdf/
Important dates
The following are dates from regulatory boards and card schemes, specifying when regulations will
take effect and when card schemes will start supporting the new version of 3D Secure.
• 2019: Major card schemes start granting liability shift for 3D Secure 2 transactions. Early
adopter issuing banks in Europe are expected to start supporting 3D Secure 2.
• 15 August 2019: Visa applies liability shift rules in Canada and Latin America.
• October 2019: Mastercard applies liability shift rules in APAC, LATAM, MEA, North
America, and in countries with regulations (Nigeria, South Africa, India, Singapore,
Bangladesh, and Malaysia).
• 14 March 2020: PSD2 SCA becomes mandatory in EU. All issuing banks are expected to
implement SCA, in the form of 3D Secure.
• 18 April 2020: Visa applies liability shift for 3D Secure 2 transactions in APAC and
CEMEA, regardless of whether the issuer supports 3D Secure 2.
• 31 August 2020: Visa applies liability shift for 3D Secure 2 transactions in the US,
regardless of whether the issuer supports 3D Secure 2.
• 17 October 2021: Visa stops applying liability shift for 3D Secure 1.
• 29 December 2020: Mastercard will double 3D Secure 1 scheme fees for most European
countries.
• 14 October 2022: Mastercard will deprecate 3D Secure 1.
• 2021/2022: Visa will stop supporting 3D Secure 1.

3D Secure for regulation compliance


Learn what you need to do to stay compliant with authentication regulations and to retain maximum
conversion for your online card payment transactions.

What you need to know


Card schemes and regulatory agencies around the world are taking action to make payments safer
and more secure for cardholders. For example, the European Commission issued the Revised
Payment Services Directive (PSD2) governing electronic payments within Europe. PSD2 includes a
mandate that requires banks to perform strong customer authentication (SCA) for online payments.
Most regulations apply to issuing banks and not to you as a merchant. However, you risk
lower authorization rates if an issuing bank evaluates a transaction as non-compliant and
refuses the transaction as a result.

What you need to do


To make sure that your transactions comply with regulations like PSD2 SCA, you need to
implement 3D Secure, an authentication protocol developed by EMVCo and supported by major
card schemes.
We recommend that you become familiar with guidance from regulatory agencies, card schemes,
and with EMVCo specifications. In addition, we as your payment service provider will provide
further guidance to help ensure that while you are complying with regulations, you are also
maintaining a good online payments experience for your shoppers. For example, we have a
comprehensive PSD2 compliance and integration guide where we describe how PSD2 SCA may
affect different business models.

The next sections describe the following topics on regulations and online payments authentication
in general:
• Summary of existing regulations around the world: Get to know local directives depending
on the country you're operating from.
• Important dates: See the current schedule for regulation implementation and 3D Secure
changes.
• 3D Secure protocol for regulation compliance: Check how you can comply with
authentication regulations using 3D Secure 1 and 3D Secure 2.
• 3D Secure 2 implementation options: Find out how you can support 3D Secure 2 with your
existing integration.

Overview of existing regulations


Here are examples of existing regulations that may apply either to you or to issuing banks if you are
conducting business in the following regions:
See PSD2 SCA compliance and implementation guide for more information on actions that you
need to take to comply with the EU directive.

Use 3D Secure for compliance


3D Secure is an authentication protocol that provides an additional layer of verification for card-
not-present (CNP) transactions. The protocol is compliant with authentication regulations, including
the SCA mandate from PSD2.

3D Secure has two available versions:


• 3D Secure 1: Before a payment is authenticated, shoppers are redirected to the card issuer's
site to provide additional authentication data such as a password or an SMS verification
code. The redirection introduced in 3D Secure 1 might lead to lower conversion rates due to
technical errors during the redirection or due to shoppers dropping out of the authentication
process.
• 3D Secure 2: Unlike the previous version where shoppers are redirected to another site, in
3D Secure 2 the card issuer performs the authentication within your app or payment form.
The shopper's identity may be verified using passive, biometric, and two-factor
authentication approaches.

Guidance for implementing 3D Secure


We recommend that you implement both 3D Secure 1 and 3D Secure 2. If you are using our
Checkout SDKs, HPP, Plugins, or API with 3D Secure 1 integration, you don't have to do anything.
You are ready to support 3D Secure 2 through the same redirect page.

However, we also have existing solutions to support 3D Secure 2 authentication natively within
your app or payment form. If you decide to implement native 3D Secure 2 authentication in
addition to your 3D Secure 1 integration, check out 3D Secure implementation options.

3D Secure chargeback liability shift rules


When you implement 3D Secure 2 authentication, you can avoid the liability for chargebacks in
case of fraud (for example, a chargeback claim due to a lost or stolen card). This is called a
liability shift.

The general rule is if a shopper successfully completes a 3D Secure 2 challenge authentication flow,
the liability for fraudulent chargebacks shifts from you to the card issuer. In a challenge flow, the
issuer requires additional shopper interaction. In some regions, card schemes may grant liability
shift after a successful frictionless flow, where the transaction is approved after a passive
authentication.

The following tables show the liability shift rules for Visa and Mastercard. Note that the general
rule applies to the transaction types, unless otherwise specified.

Visa liability shift rules

| Region/Countries | Period | Transaction type | Liability shift applies? |
|---|---|---|---|
| EU | Before 14 March 2020 | 3D Secure 2 transaction with an issuer that supports 3D Secure 2. | Yes |
| EU | After 14 March 2020 | 3D Secure 2 transaction regardless of whether the issuer supports 3D Secure 2. | Yes |
| Brazil | From 15 August 2019 | 3D Secure 2 transaction. | Yes |
| Canada, LATAM | Before 15 August 2019 | 3D Secure 2 transaction. | No |
| Canada, LATAM | After 15 August 2019 | 3D Secure 2 transaction successfully completed through either frictionless or challenge flow. | Yes |
| APAC, MEA | Before 18 April 2020 | 3D Secure 2 transaction with an issuer that supports 3D Secure 2. | Yes |
| APAC, MEA | After 18 April 2020 | 3D Secure 2 transaction regardless of whether the issuer supports 3D Secure 2. | Yes |
| US | Before 31 August 2020 | 3D Secure 2 transaction with an issuer that supports 3D Secure 2. | Yes |
| US | After 31 August 2020 | 3D Secure 2 transaction regardless of whether the issuer supports 3D Secure 2. | Yes |
| Global | Before 17 October 2021 | 3D Secure 1 transaction | Yes |
| Global | After 17 October 2021 | 3D Secure 1 transaction | No |

For Visa transactions, the chargeback protection is valid for 90 days.
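
The Visa rules above, encoded as a decision function that a chargeback or fraud-operations team could run over disputed transactions (an added example, not part of the original guide or the payment provider's code). The outcome labels and the treatment of each cut-over date as "after" are assumptions; cases the table does not cover return None rather than a guess.

```python
from datetime import date

# Visa 3D Secure 2 rows from the table above:
# region -> (cut-over date, rule before it, rule from it onwards).
#   "no"       liability shift does not apply
#   "issuer"   applies with an issuer that supports 3D Secure 2
#   "any"      applies regardless of issuer support
#   "any_flow" applies after a frictionless or a challenge flow
#   None       the table has no row for that period
VISA_3DS2 = {
    "EU":     (date(2020, 3, 14), "issuer", "any"),
    "BRAZIL": (date(2019, 8, 15), None, "any"),
    "CANADA": (date(2019, 8, 15), "no", "any_flow"),
    "LATAM":  (date(2019, 8, 15), "no", "any_flow"),
    "APAC":   (date(2020, 4, 18), "issuer", "any"),
    "MEA":    (date(2020, 4, 18), "issuer", "any"),
    "US":     (date(2020, 8, 31), "issuer", "any"),
}
VISA_3DS1_END = date(2021, 10, 17)  # "Global" row for 3D Secure 1
OUTCOMES = {"challenge", "frictionless", "attempt", "failed"}  # assumed labels

def visa_liability_shift(region, tx_date, version, outcome):
    """Return True, False, or None when the table does not decide the case.

    "attempt" means the issuer does not support 3D Secure 2.
    Assumption: the cut-over date itself counts as "after".
    """
    if outcome not in OUTCOMES:
        raise ValueError(f"unknown outcome: {outcome!r}")
    if outcome == "failed":
        return False  # no successful authentication, so no shift
    if version == 1:
        return tx_date < VISA_3DS1_END
    row = VISA_3DS2.get(region.upper())
    if row is None:
        return None
    cutover, before, after = row
    rule = after if tx_date >= cutover else before
    if rule is None:
        return None
    if rule == "no":
        return False
    if outcome == "challenge":
        return True  # general rule: a completed challenge shifts liability
    if outcome == "frictionless":
        # only the Canada/LATAM row names the frictionless flow explicitly
        return True if rule == "any_flow" else None
    # outcome == "attempt": covered only where issuer support is not required
    return True if rule == "any" else None
```

A None result marks a transaction whose liability has to be confirmed against the card scheme's own rules before a dispute is contested.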

Mastercard liability shift rules

| Region/Countries | Period | Transaction type | Liability shift applies? |
|---|---|---|---|
| Brazil | From October 2018 onwards | 3D Secure 2 transaction. | Yes |
| EU | Between April to September 2019 | 3D Secure 2 transaction with an issuer that supports 3D Secure 2. | Yes |
| EU | Between April to September 2019 | 3D Secure 2 transaction with an issuer that does not support 3D Secure 2. | Yes, but only if the issuer is unable to respond to a 3D Secure 2 call due to technical reasons. |
| EU | From April 2019 onwards | PSD2 SCA out-of-scope transactions. | No |
| EU | From April 2019 onwards | 3D Secure 2 transactions where merchant or acquirer requests for a PSD2 exemption and the issuer grants an exemption. | No |
| EU | From September 2019 onwards | 3D Secure 2 transaction. | Yes |
| EU | From September 2019 onwards | 3D Secure 2 transactions where issuing bank applies a PSD2 exemption without the merchant or acquirer requesting for it. For example, issuer TRA. | Yes |
| Countries with existing regulations that require 3D Secure implementation: Nigeria, South Africa, India, Singapore, Bangladesh, Malaysia | Before October 2019 | 3D Secure 2 transaction. | No |
| Countries with existing regulations that require 3D Secure implementation: Nigeria, South Africa, India, Singapore, Bangladesh, Malaysia | After October 2019 | 3D Secure 2 transaction successfully completed through either frictionless or challenge flow. | Yes |
| Non-EU regions and countries not listed in the previous row: APAC, LATAM, MEA, North America | Before October 2019 | 3D Secure 2 transaction. | No |
| Non-EU regions and countries not listed in the previous row: APAC, LATAM, MEA, North America | After October 2019 | 3D Secure 2 transaction successfully completed through either frictionless or challenge flow. | Yes |

Mastercard has not yet announced an end date for the liability shift on 3D Secure 1 transactions,
meaning that liability shift still applies there until further notice.
For Mastercard transactions, the chargeback protection is valid for 30 days. Starting from 2020,
Mastercard will extend liability shift validity to 90 days.

Implementing 3D Secure 2 with your existing Adyen integration


If you are using our Checkout SDKs, HPP, Plugins, or API with 3D Secure 1 integration, you don't
have to change anything. You can already support 3D Secure 2 authentication through the same
redirect page.
If you have an existing integration with us with a 3D Secure 1 implementation, you can already
support 3D Secure 2. Similar to a 3D Secure 1 flow, you will need to redirect the shopper to the
URL returned in the API response. If a transaction requires 3D Secure 2 authentication, we will
provide a redirect URL which will take your shopper to our hosted page to complete the 3D Secure
2 authentication flow.

In the table below we discuss in detail how we will handle 3D Secure 2 across different
integrations, and what you can do to improve the shopper experience should you choose to
implement native 3D Secure 2 authentication.

| Your existing integration | What you need to do to support 3D Secure 2 |
|---|---|
| Online payments API, with existing 3D Secure 1 integration. | Do nothing. 3D Secure 2 will be supported through a redirect. However, if you want a better shopper experience, add 3D Secure 2 Components or use Drop-in on your client-side implementation. |
| Quick integration Checkout SDKs | Do nothing. 3D Secure 2 will be supported in Web, iOS, and Android SDKs through a redirect. However, if you want a better shopper experience with native 3D Secure 2 authentication, switch to our Web, iOS, and Android Drop-in solution available from versions 3.0.0 and later. If you want to continue using the mobile SDKs, you can upgrade to the following versions which support 3D Secure 2: Checkout Android SDK version 2.4.0 to 2.4.5; Checkout iOS SDK version 2.6.0 to 2.8.4. |
| Plugins for Magento 1 and 2, PrestaShop, SFCC, or SAP Commerce (Hybris) | Upgrade to the following plugin versions to support native 3D Secure 2 authentication: Magento 2 version 4.2.0 and later; Salesforce Commerce Cloud version 19.1.0 and later; SAP Commerce (Hybris) version 5.0.0 and later; PrestaShop version 1.0.0 and later. If you choose to continue using an older version of our plugins, we will support 3D Secure 2 through a redirect. |
| Hosted Payment Pages (HPP) | Do nothing. 3D Secure 2 will be supported through a redirect. However, we strongly recommend to move your implementation to our online payments API with the 3D Secure 2 Component for a better user experience. |
| Classic integration or CSE, with existing 3D Secure 1 integration. | Do nothing. 3D Secure 2 will be supported through a redirect. However, if you want a better shopper experience with native 3D Secure 2 authentication, use our helper functions for web and the Classic integration 3D Secure 2 SDKs for mobile. |
| Online payments API, without a 3D Secure 1 integration. | Integrate 3D Secure redirect authentication to support both versions of 3D Secure or a combination of 3D Secure 2 native authentication and a 3D Secure 1 fallback. |
| Classic integration or CSE, without a 3D Secure 1 integration. | Integrate 3D Secure classic API redirect authentication to support both versions of 3D Secure or a combination of 3D Secure 2 native authentication and a 3D Secure 1 fallback. |

For guidelines on using 3D Secure with your current business model, see PSD2 SCA compliance
and implementation guide.
