3-D Secure v2 settings are found under the 3DS Checks and PDS2 tabs of the Preferences section in the MMS. In addition to the previous 3DSv1 settings available, Merchants can now choose their 3DS policy, 3DS version and which exemptions they would like the Gateway to automatically apply here.
3-D Secure Checks Tab
Merchants can choose how and when 3DS is used in their transaction flow under the 3DS Checks Preferences tab:
3-D Secure Policy
Merchants need to choose how and when to request exemptions from Issuers. They can opt to Authenticate before or after Authentication.
Authentication Before Authorisation - Transactions submitted using 3-D Secure for authentication with an exemption indicator applied. The authorisation will then be submitted with the appropriate authentication data, including the exemption indicator.
The authorisation may be eligible for the 3-D Secure liability shift.
Authentication After Authorisation, when requested by the Issuer - This bypasses initial 3-D Secure authentication and submits transactions directly to authentication with an exemption indicator.
If the Issuer accepts the exemption, no further additional authentication is required. However, the Issuer has the right to request that authentication be performed, and the transaction be resubmitted for authorisation with the additional authentication data.
The post authorisation authentication and authentication submission can be automatically performed by the Gateway or the Gateway can be set to decline the transaction and indicate it can be resubmitted if required (if the declined transaction is resubmitted, you should request that authentication is performed before authorisation and not request an exemption again).
The initial authorisation will not be eligible 3-D Secure liability shift.
Select one of the options from the dropdown to choose which policy to apply:
1. Before Authorisation or When Issuer Requests (Default)
2. Before Authorisation Only
3. When Issuer Requests Only (Bypass)
4. Before Authorisation or When Issuer Requests (PSD2)
5. Before Authorisation Only (PSD2)
6. When Issuer Requests Only (PSD2) (Bypass)
7. Before Authorisation (PSD2) or When Issuer Requests (All Regions)
The PSD2 options will perform the 3-D Secure authentication only if the transaction falls within the jurisdiction of the European Unions Payment Services Directive 2. Otherwise, it will behave as if 3-D Secure had not been required.
Policy 7 is designed to improve acceptance rates for Merchants serving Cardholders outside the PSD2 area. Under Policy 7, if a Transaction receives a Gateway response code of 65 (SCA required), a step up will be completed to send the transaction to 3-D Secure for all regions, should the Merchant be using the Hosted Integration. Merchant Account preferences can override the 3-D Secure requirement, for more information, please see the article Settings for SCA. Importantly, if an Issuer from any location mandates a 3-D Secure Challenge, Policy 7 will honour the request and enable the transaction to step up with 3-D Secure Authentication and present a challenge to the Cardholder.
PSD2 SCA Tab
Specify if you wish to automatically apply a Low Value SCA exemption on qualifying transactions made on this Merchant account or an alternative exemption on all other transactions. The actual exemptions requested will depend on those supported by your Acquirer.
For further information about the exemptions, see the 'click here' link or the 3DS Exemptions article.
Request Low Value Exemption
Request Alternative Exemption
Click ‘Update SCA Exemptions’ to save and apply any changes.
Not all Acquirers currently support all exemptions and the Gateway will ignore any unsupported exceptions requested.