What do I need to do to comply to PSD2 and SCA?

First, you need to make sure that 3-DS is enabled on your online store for all your payment methods (Visa, MasterCard, American Express, Carte Bancaire, JCB). Make sure it's done. If not, please ask our support to activate it.

As 3-D Secure version 2 (3DSv2) aims to grant the Strong Customer Authentication (SCA) trigger to the issuing bank, the issuing bank needs to better assess the risk involved within transaction. As a consequence the 3DSv2 specification contains a lot of data elements. Good news if you are using our fraud tool, since some of them are already commonly used in our fraud screening!  Of course, some are new and specific to 3-D Secure v2. In summary the data elements can be categorized as follows:

  • Mandatory information - browser data:
      • Card holder name (CN)
      • Integration with Shopping Carts?
        You are kindly invited to go onto the shopping cart market place to install the latest version of the Worldline plugin or take contact with your supplier directly. 
      • If you are using our eCommerce page, mandatory information are collected by Worldline. You can directly go to the recommended information below.
      • If you are using your own payment page, you will need to collect mandatory information yourself as per below. We advise you to consult our support page to find out how and take a look at the example of java script.
    • Read more in the Directlink 3D guide
  • Recommended information - these could possibly be used as part of fraud prevention screening:
      • Email (EMAIL)
      • IP address (REMOTE_ADDR)
      • Phone number (Mpi.WorkPhone.subscriber, Mpi.HomePhone.subscriber ...)
      • Billing address (ECOM_BILLTO_POSTAL_CITY, ECOM_BILLTO_POSTAL_COUNTRYCODE, ECOM_BILLTO_POSTAL_STREET_LINE1 ...)
      • Shipping address (ECOM_SHIPTO_POSTAL_CITY, ECOM_SHIPTO_POSTAL_COUNTRYCODE, ECOM_SHIPTO_POSTAL_STREET_LINE1 ...)
    • Note that the recommended/optional parameters should be provided to benefit from the friction less flow which can increase your conversion.
  • Optional information – extended cardholder/account data as introduced by EMVCo:
      • Mpi.cardholderAccountAgeIndicator
      • Mpi.cardholderAccountChange
      • Mpi.cardholderAccountPasswordChange
      • Mpi.suspiciousAccountActivityDetected
      • Mpi.threeDSRequestorChallengeIndicator
    • Read more in the full list

Our existing APIs already capture a lot of the data elements, but we are adding a lot of new data elements. The reason is that we believe that everybody in the payments ecosystem benefits from increased security, with the least amount of negative impact to the experience of the consumer. Payments are based on trust and by providing more data it becomes easier for parties to trust one-another, without requiring additional challenges to authenticate the consumer. Almost all of the newly added data elements are optional, but we advise you to supply as much of them as possible. This increases the likelihood of your transactions following the frictionless flow, while you benefit from liability shift. In case you use the Worldline hosted payment page, we will capture the browser related data automatically.

The level of required changes will differ based on the type of integration you have with Worldline.