Migrating from EMV 3-D Secure 1.x to 2.x FAQ
Q: Is a new JWT required for each transaction?
A: Yes, even though the JWT does not expire for two hours, you should send a
new JWT with each new transaction.
Q: How do you link the device data to the transaction-level data?
A: There are two ways:
- You can create a reference ID in the original JWT and then pass that same value for thepayerAuthEnrollService_referenceIDrequest field for the Check Enrollment service.
- You can use the session ID returned fromPayments.setupCompletefor thepayerAuthEnrollService_referenceIDrequest field for the Check Enrollment service.
Q: When will the Payer Authentication reports include the new fields for EMV
3-D Secure 2.x?
A: They will be added in a future release.
Q: Will my current implementation continue to work while I am implementing and
testing the newer version in parallel?
A: Yes, current implementation will continue to work.
Q: What testing should I conduct to ensure that my code is working
correctly?
A: Use the test cases (Test Cases for 3-D Secure 2.x) to test
your preliminary code and make the appropriate changes.
Q: How does EMV 3-D Secure 2.x authentication improve the experience for a
customer who uses a mobile or tablet device?
A: EMV 3-D Secure 2.x works the same for each device, and you have control over
the formatting of the authentication form. EMV 3-D Secure 2.x also supports newer, more
secure authentication delivery tools, such as a one-time password (OTP) sent to a
customer’s mobile device or email.