3DS2 Guide

This is a brief guide to achieving PSD2 compliance with 3DS2 SCA on the OpenTransact platform. We provide a unified API for applications to integrate with, which works with 3DS2 support in multiple gateway products as well as third-party 3DS Servers and MPI products. Please check with your specific gateway provider for details about their PSD2 compliance, conditions, and unique features to ensure your application can achieve full compliance with them.

Using the OpenTransact API and Client SDKs vastly simplifies the integration work needed for PSD2 compliance. However, this is a complicated regulation and the interpretation of the rules is constantly changing. Even though some of the data points within the specification are optional, it is always best to include as much of the data as possible in order to achieve the highest acceptance rate you can.

Configure Your Application for 3DS2

Contact support@zipmark.com in order to configure processing rules on your account which will enable the following flows to happen automatically for customers who are subject to the requirements of PSD2.

Implement the OpenTransact Javascript SDK

By convention, the OpenTransact API and Javascript SDK use the metadata object on Account and Transaction resources to control and trigger flows for 3DS2 SCA.

If an Account or Transaction is returned from our API where the value of metadata.threeDSecure.required is true, you should initiate the appropriate authentication flow.

Common spots for integration are:

  • Add a card, and card management screens
  • Transaction processing screens
  • Subscription Enrollment and management
  • Any onboarding screen or other screen where you accept payment information

Exceptions & Grandfathering

PSD2 allows recurring payment arrangements to skip authentication. This will allow for seamless billing of customers on a schedule where they have subscribed to a service within your system. Include all of the 3DS data with your merchant-initiated subscription and, where possible, authentication will be skipped entirely.

PSD2 allows subscription and recurring agreements which were entered into between a merchant and customer prior to 9/14/2019 to be grandfathered and processed without requiring SCA to be completed by the customer. For the first transaction, include the grandfathered flag; future transactions can omit it.

If the attached account was vaulted prior to 9/14/2019, the transaction will skip the ThreeDS2 SCA flow.

Implement as many data points as possible

In order to calculate the full list of datapoints that 3DS2 requires, OpenTransact uses information already in the system or already being provided by your application in the metadata. For full coverage of possible datapoints, ensure you are setting default metadata attributes for the Account and Transaction objects during creation:

  • Set the metadata.customer_ip_address key
  • Set the metadata.shipping_address_id key
  • Set the metadata.home_phone_number_id key
  • Set the metadata.work_phone_number_id key
  • Set the metadata.order_email_id key
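
The following is an added example, not part of the OpenTransact SDK or of the original guide. It checks a resource for the metadata.threeDSecure.required flag described earlier and reports which of the metadata keys listed above are still unset. The function names, the sample object and its values are constructed for illustration, and it assumes the flag is returned as a JSON boolean and that the keys hold strings or numbers.

```javascript
// Metadata keys this guide asks you to set on Account and Transaction objects.
const THREE_DS_DATAPOINT_KEYS = [
  "customer_ip_address",
  "shipping_address_id",
  "home_phone_number_id",
  "work_phone_number_id",
  "order_email_id",
];

// Assumption: a key counts as set only if it holds a non-empty string or a finite number.
function isPresent(value) {
  if (typeof value === "number") return Number.isFinite(value);
  return typeof value === "string" && value.trim().length > 0;
}

// Returns the listed keys that are absent or empty on a metadata object.
function missingDatapoints(metadata) {
  const md = metadata !== null && typeof metadata === "object" ? metadata : {};
  return THREE_DS_DATAPOINT_KEYS.filter((key) => !isPresent(md[key]));
}

// True only when metadata.threeDSecure.required is the boolean true.
// Assumption: the API returns a JSON boolean, so other values are not treated as true.
function scaRequired(resource) {
  return resource?.metadata?.threeDSecure?.required === true;
}

// Combines both checks for one Account or Transaction returned by the API.
function reviewResource(resource) {
  return {
    authenticate: scaRequired(resource),
    missing: missingDatapoints(resource?.metadata),
  };
}

// Constructed sample transaction; ids and the IP address are made-up values.
const sampleTransaction = {
  id: "txn_constructed_1",
  metadata: {
    threeDSecure: { required: true },
    customer_ip_address: "203.0.113.7",
    shipping_address_id: "addr_constructed_1",
    home_phone_number_id: "",
    order_email_id: "email_constructed_1",
  },
};

const review = reviewResource(sampleTransaction);
console.log(review.authenticate, review.missing.join(", "));
```

Running the audit where Accounts and Transactions are created shows which optional data points a given screen is not yet supplying.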
