Merchants in Europe and the UK are getting ready for the new strong customer authentication requirements. The implementation deadline of 31 December 2020 (14 March 2021 in the UK) is fast approaching. We’ve been receiving questions from customers about the testing process, which I explain below.
Scope
Before we devise any testing plans, we look to understand the scope of the activity with the merchant or integrating business partner. There are various possible routes, so we’ll spend some time discussing transaction types, acquirer and product selection. From there we agree an end-to-end solution that suits the requirements and meets best practice guidance.
Some merchants prefer complete control of the process and use the Gateway API to manage every step of the 3D Secure and transaction processing themselves. Others prefer to hand over to an iFrame and use the Checkout Solution, allowing PXP Financial to navigate the complexities of payments and 3D Secure on their behalf.
3D Secure versions
PXP Financial’s ANYpay gateway already supports both 3DS 1.0 and 3DS 2.0. We’re certified with the main international card schemes for both. This means we can automatically use the 3DS version supported by the cardholder’s issuer. We can also automatically render the authentication pop-up window for the cardholder’s device to help make the process as smooth as possible.
We have devised four SCA policies for processing online payments. These suit all merchants, sectors and geographies. We’re working with customers to implement them in the way that best fits their trading patterns and customer base. They are as follows:
|
Policy |
Description |
|
1 |
Apply strong customer authentication only when both the card issuer and acquirer are located within the EEA, using the 3DS version supported by the card issuer. SCA exemptions to be applied by PXPF where possible. Default unless otherwise specified |
|
2 |
Apply strong customer authentication on all payments regardless of where the card issuer is located, using 3DS 2.0. If strong customer authentication is mandated but 3DS 2.0 is not supported by the card issuer, then use 3DS 1.0. SCA exemptions to be applied by PXPF where possible. |
|
3 |
Apply strong customer authentication on all payments regardless of where the card issuer is located, using the 3DS version support by the card issuer. SCA exemptions to be applied by PXPF where possible. |
|
4 |
Do not apply strong customer authentication. |
Test scripts
With the approach agreed, we create and share a tailored test script to suit the integration. Merchants or integrating partners then complete their development and work through the script provided, returning the completed script back for validation. Once tests have been validated and passed, we issue a sign-off certificate and hand over to the implementation team who move the project forward to production go live.
Want to know more?
For more information on the policies, please visit https://developer.pxp-solutions.com/reference#sca-policy. Our ANYpay online developer hub also contains various integration guides, API references, examples and test scripts and is publicly available at https://developer.pxp-solutions.com.
For more information or a consultation, e-mail sales@pxpfinancial.com or complete your details on the contact form below.
