3DS2 Guide
This is a brief guide to achieving PSD2 compliance with 3DS2 SCA on the OpenTransact platform. We provide a unified API for applications to integrate with, which works with 3DS2 support in multiple gateway products as well as third-party 3DS Servers and MPI products. Please check with your specific gateway provider for details about their PSD2 compliance, conditions, and unique features to ensure your application can achieve full compliance with them.
Using the OpenTransact API and Client SDKs vastly simplifies the integration for accomplishing PSD2 compliance. However, this is a complicated regulation and the interpretation of the rules is constantly changing. Even though some of the data points within the specification are optional, it is always best to include as much of the data as possible in order to achieve the highest acceptance rate you can.
Configure Your Application for 3DS2
Contact support@zipmark.com in order to configure processing rules on your account which will enable the following flows to happen automatically for customers who are subject to the requirements of PSD2.
Implement the OpenTransact Javascript SDK
By convention, the OpenTransact API and Javascript SDK use the metadata object on Account and Transaction resources to control and trigger flows for 3DS2 SCA.
If an Account or Transaction is returned from our API where the value of metadata.threeDSecure.required is true, you should initiate the appropriate authentication flow.
Common spots for integration are:
- Add a card, and card management screens
- Transaction processing screens
- Subscription Enrollment and management
- Any onboarding screen or other screen where you accept payment information
Exceptions & Grandfathering
PSD2 allows recurring payment arrangements to skip authentication. This will allow for seamless billing of customers on a schedule where they have subscribed to a service within your system. Include all of the 3DS data with your merchant-initiated subscription and, where possible, authentication will be skipped entirely.
PSD2 allows subscription and recurring agreements which were entered into between a merchant and customer prior to 9/14/2019 to be grandfathered and processed without requiring SCA to be completed by the customer. For the first transaction, include the grandfathered flag; future transactions can omit it.
If the attached account was vaulted prior to 9/14/2019, the transaction will skip the ThreeDS2 SCA flow.
Implement as many data points as possible
In order to calculate the full list of datapoints that 3DS2 requires, OpenTransact uses information already in the system or already being provided by your application in the metadata. For full coverage of possible datapoints, ensure you are setting default metadata attributes for the Account and Transaction objects during creation:
- Set the metadata.customer_ip_address key
- Set the metadata.shipping_address_id key
- Set the metadata.home_phone_number_id key
- Set the metadata.work_phone_number_id key
- Set the metadata.order_email_id key
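
The check on metadata.threeDSecure.required and the data-point list above can be enforced in one place before a payment screen proceeds. The following is an added example, not code from the OpenTransact SDK: the helper names, the resource shape and the sample values are assumptions, and only the metadata key names come from this guide. A value that is present but not a boolean is reported as malformed rather than coerced, so a string such as "false" never silently decides whether authentication runs.

```javascript
// Added example: hypothetical helpers, not part of the OpenTransact SDK.
// Key names come from this guide; the resource shape is an assumption.

// Data points this guide asks you to set on Account/Transaction metadata.
const RECOMMENDED_KEYS = [
  "customer_ip_address",
  "shipping_address_id",
  "home_phone_number_id",
  "work_phone_number_id",
  "order_email_id",
];

// Classify metadata.threeDSecure.required on a returned resource.
// Only the boolean true triggers the flow; any other non-boolean value
// that is present is flagged so the caller can log and investigate it.
function scaStatus(resource) {
  const required = resource?.metadata?.threeDSecure?.required;
  if (required === true) return "required";
  if (required === false || required === undefined) return "not_required";
  return "malformed";
}

// List the recommended metadata keys that are absent or blank.
function missingDataPoints(metadata) {
  const meta = metadata && typeof metadata === "object" ? metadata : {};
  return RECOMMENDED_KEYS.filter((key) => {
    const value = meta[key];
    return value === undefined || value === null || String(value).trim() === "";
  });
}

// Combine both checks for an Account or Transaction returned by the API.
function reviewResource(resource) {
  return {
    status: scaStatus(resource),
    missing: missingDataPoints(resource?.metadata),
  };
}

// Constructed sample responses (not real API output).
const sampleTransaction = {
  id: "txn_example",
  metadata: {
    threeDSecure: { required: true },
    customer_ip_address: "203.0.113.7",
    shipping_address_id: "addr_example",
    order_email_id: "",
  },
};
const sampleAccount = {
  id: "acct_example",
  metadata: { threeDSecure: { required: "false" } },
};

console.log(reviewResource(sampleTransaction));
console.log(reviewResource(sampleAccount));
```
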