Migrating from EMV 3-D Secure 1.x to 2.x FAQ

Q: Is a new JWT required for each transaction?
A: Yes, even though the JWT does not expire for two hours, you should send a new JWT with each new transaction.
Q: How do you link the device data to the transaction-level data?
A: There are two ways:
  • You can create a reference ID in the original JWT and then pass that same value for the
    payerAuthEnrollService_referenceID
    request field for the Check Enrollment service.
  • You can use the session ID returned from
    Payments.setupComplete
    for the
    payerAuthEnrollService_referenceID
    request field for the Check Enrollment service.
Q: When will the Payer Authentication reports include the new fields for EMV 3-D Secure 2.x?
A: They will be added in a future release.
Q: Will my current implementation continue to work while I am implementing and testing the newer version in parallel?
A: Yes, current implementation will continue to work.
Q: What testing should I conduct to ensure that my code is working correctly?
A: Use the test cases (Test Cases for 3-D Secure 2.x) to test your preliminary code and make the appropriate changes.
Q: How does EMV 3-D Secure 2.x authentication improve the experience for a customer who uses a mobile or tablet device?
A: EMV 3-D Secure 2.x works the same for each device, and you have control over the formatting of the authentication form. EMV 3-D Secure 2.x also supports newer, more secure authentication delivery tools, such as a one-time password (OTP) sent to a customer’s mobile device or email.