How do these changes impact Merchants?

Although 3DSv1 and 3DSv2 will both exist for several years, if you accept payments where the card issuer and the acquirer are based in the European Economic Area (EEA), you need to apply Strong Consumer Authentication (SCA) to your payments.

The Gateway will always attempt to use the highest version of 3DS available to the Cardholder. For example, if either the bank or Cardholder is not enrolled in 3DSv2, then the Gateway will attempt to fall back to 3DSv1. If this is not possible, then the Merchant will be informed that no 3DS authentication took place and will have the choice either to continue the transaction or to decline it based on its Merchant preferences set in the MMS.

Merchants should ensure they have enrolled and are using 3DSv1 and start testing 3DSv2 using our sandbox solutions so they are prepared when these changes are enforced.

When using our Direct integration method, there are mandatory changes that must be made to the Merchant’s integration to handle the changes that we have made for 3DSv2. 

When using our Hosted integration method, there are recommended changes that can be made to the Merchant's integration to include the increased number of data elements or SCA values. 

Our 3DS Integration Guide contains details of the necessary changes for both the Direct and Hosted integration, along with sample code.