I've received an email from my payment provider SagePay, as below, about 3D Secure 2.0 / Strong Customer Authentication (SCA) which will come into force on 14 September 2019.
As I use SagePay Form, do these changes involve any essential updates to the CS-cart software?
Mandatory changes to online payment processing
Notice 19-E | 25 February 2019
Your merchant bank or acquirer will likely contact you soon about the mandatory changes to online payment processing which will come into force on 14 September 2019.
3D Secure, better known as 'Verified by Visa' and 'Mastercard SecureCode' is a customer validation mechanism that was introduced to reduce online card fraud by requiring cardholders to enter a password during the checkout process. The requirement for a cardholder to enter a password was designed to increase validation of the cardholder, and create a liability shift to the cardholder's bank where validation is completely successful, in the event of fraudulent activity.
Despite the benefits of 3D Secure, the extra step in the checkout process can have an impact, sometimes leading customers to abandon their purchase because of this extra element in the process or in the event of a forgotten password.
Some merchant banks and acquirers are introducing the changes to 3D Secure from Spring 2019. The aim is to reduce some of these challenges and deliver authentication which still affords your business the same protections.
Strong Customer Authentication (SCA)
Strong Customer Authentication (SCA) is set to be introduced in September 2019. This is new regulation which applies to online payments within the European Economic Area (EEA) where the cardholder bank and payment provider are both in the EEA.
SCA requires a two-step authentication process (also known as 'two factor authentication') for verification of online payments, these include:
1. Something you know e.g. PIN.
2. Something you have e.g. mobile phone.
3. Something you are e.g. fingerprint.
By September, transactions that don't have this two-step validation may be declined.
What do these changes mean for my business?
3D Secure 2.0 will support the delivery of the strong customer authentication requirements by acting as part of the 2 step validation process so while they are separate, these updates are linked and both have the aim of improving the customer experience and reducing online fraud.
Sage Pay is committed to ensuring that you have the tools you need to benefit from and remain compliant with these new regulations and minimise fraud while maximising checkout conversion. We have already started updating our systems and working with merchant banks and acquirers to bring this to you.
The way your website is integrated with Sage Pay will determine the steps you need to take to ensure you're ready for these changes. We'll be in touch soon with details of the actions you need to take and we'll send regular reminders with supporting information until the September deadline.
Sage Pay Customer Services Team