Upgrading Your Payer Authentication Implementation
This section describes the benefits of upgrading to EMV 3-D Secure 2.x for
merchants currently using Payer Authentication services.
Benefits
EMV 3-D Secure 2.x provides these benefits:
- More secure transactions, because additional data about the customer is provided.
- Backward compatibility. Additional data is automatically sent to issuers as they upgrade to EMV 3-D Secure 2.x.
- Improved user-friendly shopping experience for customers, including frictionless authentication and shorter transaction times.
- Possibly higher authorization rates.
- An easier upgrade to EMV 3-D Secure 2.2. Version 2.2 includes support for exemptions for PSD2. These exemptions, which might allow frictionless authentication, include acquirer/issuer transactional risk assessment; white listing; and low value, one leg out, and merchant-initiated transactions. These exemptions will be defined as they become available.
PSD2 Impact
If PSD2 affects you, you must upgrade to EMV 3-D Secure 2.x.
PSD2 requires additional security measures outlined in the Regulatory Technical
Standards (RTS) that will apply in the future. PSD2 requires stronger identity checks
for online payments, particularly for high-value transactions.
PSD2 means changes for all companies in Europe that deal with payments. Some of
the implications for merchants include:
- Requiring two-factor authentication for all electronic payments, although there are exemptions to allow a frictionless flow.
- Requiring EMV 3-D Secure e-commerce merchants to integrate dynamic authentication tools (such as EMV 3-D Secure 2.x).
Recommended Integration
Two types of integration are available for EMV 3-D Secure 2.x:
- Direct API
- SDK integration for your mobile application
If you are currently using Payer Authentication services in your business
processes and need to upgrade to EMV 3-D Secure 2.x, we recommend using the Direct API
integration. The Direct API integration most closely resembles the current process in
which you request the Enrollment Check service to verify that the customer is enrolled
in one of the card authentication programs and receive a response. With EMV 3-D Secure
2.x, that response includes a new value, the processor transaction ID.
For enrolled cards, include the Access Control Server (ACS) URL, payload, and
processor transaction ID to proceed with the authentication session. Then, request the
validation service, sending the processor transaction ID with your request, and receive
a response with the e-commerce indicator and Cardholder Authentication Verification
Value (CAVV) or Account Authentication Value (AAV).
For more information about the Direct API, see Implementing Direct API for Payer Authentication.
For details about the other integrations, see Implementing SDK Payer Authentication.
If you are using tokenization, use the Direct API integration method
for Payer Authentication.
Migrating from EMV 3-D Secure 1.x to 2.x FAQ
Q: Is a new JWT required for each transaction?
A: Yes, even though the JWT does not expire for two hours, you should send a
new JWT with each new transaction.
Q: How do you link the device data to the transaction-level data?
A: There are two ways:
- You can create a reference ID in the original JWT and then pass that same value for the payerAuthEnrollService_referenceID request field for the Check Enrollment service.
- You can use the session ID returned from Payments.setupComplete for the payerAuthEnrollService_referenceID request field for the Check Enrollment service.
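The first option, combined with the one-JWT-per-transaction rule from the previous answer, as an added sketch that is not code from this guide. The HS256 signing, the claim names (jti, iat, exp, iss, ReferenceId), the key, and the issuer value are assumptions; use the claims and credentials your Payer Authentication account specifies.

```python
import base64, hashlib, hmac, json, time, uuid

JWT_LIFETIME_SECONDS = 2 * 60 * 60  # the two-hour lifetime mentioned in the FAQ

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def _sign(signing_input: str, key: bytes) -> str:
    return _b64url(hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest())

def new_transaction_jwt(key: bytes, issuer: str, now=None):
    """Mint a fresh JWT for ONE transaction; returns (token, reference_id)."""
    now = int(time.time()) if now is None else int(now)
    reference_id = str(uuid.uuid4())       # unique per transaction, never reused
    claims = {
        "jti": str(uuid.uuid4()),          # unique token ID (assumed claim set)
        "iat": now,
        "exp": now + JWT_LIFETIME_SECONDS,
        "iss": issuer,
        "ReferenceId": reference_id,       # assumed claim name for the reference ID
    }
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(
        _b64url(json.dumps(part, separators=(",", ":")).encode("utf-8"))
        for part in (header, claims)
    )
    return signing_input + "." + _sign(signing_input, key), reference_id

def read_claims(token: str, key: bytes) -> dict:
    """Verify the HS256 signature, then return the claims."""
    signing_input, _, signature = token.rpartition(".")
    expected = _sign(signing_input, key)
    if not hmac.compare_digest(signature.encode(), expected.encode()):
        raise ValueError("bad JWT signature")
    body = signing_input.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))

def enrollment_fields(token: str, key: bytes) -> dict:
    """Check Enrollment field that links device data to this transaction."""
    return {"payerAuthEnrollService_referenceID": read_claims(token, key)["ReferenceId"]}

if __name__ == "__main__":
    key = b"constructed-demo-key"          # constructed value, not a real credential
    token, ref = new_transaction_jwt(key, "merchant-example")
    print(token)
    print(enrollment_fields(token, key))
```

Deriving the request field from the verified token, rather than from a separately stored value, keeps the reference ID in the Check Enrollment request tied to the JWT that was actually issued for that transaction.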
Q: When will the Payer Authentication reports include the new fields for EMV
3-D Secure 2.x?
A: They will be added in a future release.
Q: Will my current implementation continue to work while I am implementing and
testing the newer version in parallel?
A: Yes, your current implementation will continue to work.
Q: What testing should I conduct to ensure that my code is working
correctly?
A: Use the test cases (Test Cases for 3-D Secure 2.x) to test
your preliminary code and make the appropriate changes.
Q: How does EMV 3-D Secure 2.x authentication improve the experience for a
customer who uses a mobile or tablet device?
A: EMV 3-D Secure 2.x works the same for each device, and you have control over
the formatting of the authentication form. EMV 3-D Secure 2.x also supports newer, more
secure authentication delivery tools, such as a one-time password (OTP) sent to a
customer’s mobile device or email.