The Merchant Preferences page is used to configure your Merchant account security preferences. The preferences page contains the following security sub-sections.
3D Secure Support
Choose whether this Merchant account has been registered for 3D Secure by the acquiring bank. Once registered, the Merchant can perform 3D Secure transactions. This preference is only available to Admin and Reseller users.
This section also allows you to choose whether or not to accept transactions where the 3D Secure authentication has not matched. For further information and recommendation for 3D Secure Checking Preferences, please see here.
3D Secure Policy
You can also choose the preferred 3D Secure Policy and Version. Merchants need to choose how and when to request exemptions to Issuers. They can opt to Authenticate before or after Authentication.
Authentication Before Authorisation - Transactions submitted using 3D Secure for authentication with an exemption indicator applied. The authorisation will then be submitted with the appropriate authentication data, including the exemption indicator.
The authorisation may be eligible for the 3D Secure liability shift.
Authentication After Authorisation, when requested by the Issuer - This bypasses initial 3D Secure authentication and submits transactions directly to authentication with an exemption indicator.
If the Issuer accepts the exemption, no further additional authentication is required. However, the Issuer has the right to request that authentication be performed and the transaction be resubmitted for authorisation with the additional authentication data.
The post authorisation authentication and authentication submission can be automatically performed by the Gateway or the Gateway can be set to decline the transaction and indicate it can be resubmitted if required (if the declined transaction is resubmitted, you should request that authentication is performed before authorisation and not request an exemption again).
The initial authorisation will not be eligible 3D Secure liability shift.
Select one of the options from the dropdown to choose which policy to apply:
1. Before Authorisation or When Issuer Requests (Default)
2. Before Authorisation Only
3. When Issuer Requests Only (Bypass)
4. Before Authorisation or When Issuer Requests (PSD2)
5. Before Authorisation Only (PSD2)
6. When Issuer Requests Only (PSD2) (Bypass)
7. Before Authorisation (PSD2) or When Issuer Requests (All Regions)
The PSD2 options will perform the 3D Secure authentication only if the transaction falls within the jurisdiction of the European Unions Payment Services Directive 2. Otherwise, it will behave as if 3D Secure had not been required.
Policy 7 is designed to improve acceptance rates for Merchants serving Cardholders outside the PSD2 area. Under Policy 7, if a Transaction receives a Gateway response code of 65 (SCA required), a step up will be completed to send the transaction to 3-D Secure for all regions, should the Merchant be using the Hosted Integration. Merchant Account preferences can override the 3-D Secure requirement, for more information, please see the article Settings for SCA. Importantly, if an Issuer from any location mandates a 3-D Secure Challenge, Policy 7 will honour the request and enable the transaction to step up with 3-D Secure Authentication and present a challenge to the Cardholder.
Address & Security Code (AVS/CV2) Checking Status
Choose whether this Merchant account is able to perform address and CV2 checking by the acquiring bank. This preference is only available to Admin and Reseller users.
Address & Security Code (AVS/CV2) Checking Preferences
Choose whether address & security code (AVS/CV2) checking is required for this Merchant account. This section also allows you to choose whether or not to accept transactions where the Address Details or Security Code (AVS/CV2) do not match. For further information and recommendation for AVS and CV2 Checking Preferences, please see here.
Please note when the Preference Required option is set to No, the configuration options show but are greyed out and cannot be edited until the Required dropdown is set to Yes.