If your Merchant Account is set up for 3-D Secure, the Hosted Payment Page will automatically attempt to display the 3-D Secure authentication page for the Customer’s bank.
3DSv2 allows Merchants to send much more Risk Based Authentication (RBA) data than in 3DSv1. The risk based authentication process facilitates the exchange of over 100 data points during a transaction, including user geo-location, device ID, shipping address and previous transaction history, to assess the risk for that specific transaction.
The benefit of RBA is that it allows the Issuers to authenticate its cardholders without asking for any additional information for the majority of the transactions. For this reason Merchants are encouraged to use the Hosted Integrated to send as much Risk Based Authentication (RBA) data as they can.
However, if Merchants choose to continue as they are and make no changes the Hosted Integration will continue to work as normal and perform both 3DSv1 and 3DSv2 transactions but the 3DSv2 RBA would be unable to utilise a lot of these extra data points and could therefore result in more challenges than would have otherwise been required.
Please note that it is assumed that Merchants are not relying on receiving the 3DSv1 protocol challenge packets (PAReq/PARes) as these do not exist in 3DSv2 so will not be included in the response. If you need further information about this please contact out support team.
Merchants who would like to include the extra data points for RBA will need to use our sandbox environment to make sure you can do the following:
- Send threeDSOption with as much extra information as possible.
- Allow the Gateway to handle the SCA soft-decline code of 65 via correct setting of the 3DS Policy or be prepared to handle the code themselves either declining the transaction or resubmitting. Any resubmission should be performed in a way that does not require the Cardholder to re-enter their card details. See the 3DS Policy section of the 3DSv2 MMS Preferences article for more information.
- Pass any scaExemption they require (if the default options available in the MMS are not sufficient).