
Last updated October 1, 2019.

Strong Customer Authentication (SCA) requirements -- part of the revised Payment Services Directive (PSD2) regulations in Europe -- mandate that two-factor authentication be performed on many card transactions. Merchants that don’t apply two-factor authentication to their transactions risk an increase in declines from customers’ banks once the requirements are enforced. For the latest information on the ever-evolving regulatory landscape in Europe, please refer to our SCA cheatsheet.

3D Secure 2 (3DS2) is the solution Braintree recommends merchants adopt in order to be SCA-ready. The latest 3DS authentication protocol update allows merchants to meet these new requirements as well as help transfer liability for fraud disputes to issuers and reduce costs associated with chargebacks.

While the solution itself is simple, the ways that merchants will need to apply SCA using 3DS2 will vary based on business models or how they transact with customers. So let’s take a closer look at how SCA can be added into payment flows for some common payment scenarios.

One-time transaction

Business type:

Ecommerce (direct-to-consumer online retailers)

Payment scenario:

A standard one-time payment for a product or service.

In this scenario, the customer authenticates for the total amount of the purchase, the issuer authorizes that amount, then the merchant captures and settles for that amount. If the transaction qualifies under SCA requirements, merchants can use 3DS2 to verify the cardholder during the checkout process. Merchants can apply for exemptions if they choose to do so, but need to be aware that they will be responsible for chargebacks categorized as fraud.

Payment flow:

Flow chart showing: authentication $100; authorization $100; capture/settlement $100.

Recurring payments

Business type:

Subscription (ex. gym membership); metered billing (ex. utility bill)

Payment scenario:

A recurring payment, either for the same amount and same frequency or for variable amounts and/or variable frequency.

In this scenario, the merchant can request a cardholder challenge to establish SCA when the card is first authorized for the subscription. This can occur with a verification or with the first transaction; however, we generally recommend that SCA be applied to the first transaction whenever possible. As long as the customer has authenticated the first authorization, subsequent recurring transactions will qualify as merchant-initiated transactions, which are out of scope for SCA.

Payment flow:

Flow chart showing: authentication $20; authorization $20, $20, $25; capture/settlement $20, $20, $25.

Single order, multiple shipments

Business type:

Ecommerce (direct-to-consumer online retailers)

Payment scenario:

An order in which products ship separately at different times due to availability or fulfilment, and payments are captured at the time of shipment.

In this scenario, the customer authenticates for the full amount, the issuer authorizes that amount, but the merchant would later need to perform merchant-initiated transactions (MITs) to capture each portion of the total when products are shipped and delivered.

Payment flow:

Flow chart showing: authentication $650; authorization $200, $150, $300; capture/settlement $200, $150, $300.

Tips

Business type:

Food delivery, ride sharing

Payment scenario:

A transaction in which tips or other additional charges are added by the customer after the initial amount.

In this scenario, the customer authenticates for the original transaction amount, the issuer authorizes that amount, then the merchant captures and settles that amount. If the final amount after the tip is added is higher than the original amount, the customer would need to perform a second authentication for the difference, followed by issuer authorization and merchant capture and settlement for the difference. (Merchants could also authenticate for more than the original amount the first time so that what is eventually captured after tips are added is still less than that authenticated amount, but doing so may lead to customer confusion.)

Payment flow:

Flow chart showing: authentication $800, $160; authorization $800, $160; capture/settlement $800, $160.

Incidentals

Business type:

Ride sharing, hotels

Payment scenario:

A transaction in which additional charges are added by the merchant after the initial amount.

In this scenario, the customer authenticates for the original transaction amount, the issuer authorizes that amount, then the merchant captures and settles that amount. If the final amount after any incidentals are added is higher than the original amount, the merchant would need to perform an MIT to capture the difference. (Merchants could also authenticate for more than the original amount the first time so that what is eventually captured after incidentals are added is still less than that authenticated amount, but doing so may lead to customer confusion.)

Payment flow:

Flow chart showing: authentication $800; authorization $800, $160; capture/settlement $800, $160.
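
The Tips and Incidentals rules above differ only in who adds the extra charge. The sketch below is an added example, not Braintree code: it models only the rules stated in this article, and the function name, step labels and tuple layout are assumptions made for illustration. It also covers the parenthetical case where the merchant authenticated for more than the original amount.

```python
from decimal import Decimal

# Step labels are hypothetical names for the outcomes described in the article.
WITHIN = "capture_within_authenticated_amount"
REAUTH = "second_authentication"
MIT = "merchant_initiated_transaction"


def plan_extra_charges(authenticated, initial, extras):
    """Plan the steps for charges added after the initial capture.

    authenticated: amount the customer authenticated with SCA
    initial:       amount already captured against that authentication
    extras:        list of (amount, added_by), added_by is "customer" (a tip)
                   or "merchant" (an incidental)
    Returns a list of (step, amount) tuples.
    """
    remaining = Decimal(authenticated) - Decimal(initial)
    if remaining < 0:
        raise ValueError("initial capture exceeds the authenticated amount")
    steps = []
    for amount, added_by in extras:
        amount = Decimal(amount)
        if amount <= 0:
            raise ValueError("extra charges must be positive")
        if added_by not in ("customer", "merchant"):
            raise ValueError(f"unknown initiator: {added_by!r}")
        # Part of the charge may still fit under the authenticated amount.
        within = min(amount, remaining)
        excess = amount - within
        remaining -= within
        if within > 0:
            steps.append((WITHIN, within))
        if excess > 0:
            # Customer-added difference: authenticate again for the difference.
            # Merchant-added difference: capture it as an MIT.
            steps.append((REAUTH if added_by == "customer" else MIT, excess))
    return steps


if __name__ == "__main__":
    # Constructed sample using the 800 / 160 amounts from the flow charts.
    print(plan_extra_charges("800", "800", [("160", "customer")]))
    print(plan_extra_charges("800", "800", [("160", "merchant")]))
    print(plan_extra_charges("1000", "800", [("160", "customer")]))
```
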

Single order, multiple sellers/payees

Business type:

Marketplaces (ex. online travel agencies with flight, hotel, and rental-car vendors)

Payment scenario:

An order in which multiple sellers are paid from a single consumer checkout experience.

For this scenario, each card network has set up its own guidelines for processing in accordance with the PSD2 requirement to “[ensure] that the elements dynamically link the transaction to an amount and a payee specified by the payer when initiating the transaction.” So while there will be variability from card network to card network, each solution can be implemented without any inherent risk of declines.

Payment flow:

Flow chart showing: authentication $800; authorization $600, $200; capture/settlement $600, $200.

3DS2: Braintree’s SCA solution

Regardless of business model or payment scenario, merchants who do not perform SCA on transactions that require it are likely to see an increase in declines after the requirement is enforced. 3DS2 via Braintree provides a simple way to authenticate cardholders with a no- to low-friction checkout experience, and allows merchants to shift liability to issuers on authenticated transactions to help reduce costs associated with chargebacks categorized as fraud. Braintree’s 3DS2 solution also offers built-in support for both the 3DS2 and 3DS1 protocols and can automatically divert your transactions, so you can be sure your business will be SCA-compliant regardless of issuer readiness.

Additional reading:

  • Learn more about PSD2: Strong Consumer Authentication here.
  • Learn more about the latest update of the 3D Secure protocol here.
  • Learn more about Braintree’s 3DS2 solution here.
  • Get started with integration documentation here.