3D Secure 2/Recurring

Strong Customer Authentication (SCA) is a European regulatory requirement to combat and reduce fraud and make online payments more secure.

Three elements, which must be independent of one another, are considered when verifying the identity of the consumer: PIN or password, smartphone, and scan or fingerprint.

Supported brands are Mastercard, VISA, American Express, Diners Club, and Discover.

For an initial transaction, the following request parameters, which are otherwise optional, are mandatory:

  • consumerEmail (or consumerBillingPhone or consumerBillingMobilePhone for Visa Transactions from 12th August 2024)

  • consumerBillingFirstname

  • consumerBillingLastname

If "emerchantpay" is the chosen acquirer, parameters consumerBillingAddress1, consumerBillingCity, consumerBillingZipCode and consumerBillingCountry must be added.

3DS2 Use Cases

To start the payment process, a request containing the 3D Secure 2 request parameters for QPAY Checkout Page and QMORE Checkout Seamless must be sent to a specific URL.

One-Time Payment

One-time payment is a fast way to make a single, non-recurring payment. Every transaction is consumer-initiated, therefore SCA based on PSD2 is required.

One-Click Checkout

Each one-click checkout transaction falls under the SCA requirements because it is executed by the consumer in session. Merchants have to store credit card data as a token in their webshops for recurring payments. The advantage is that consumers can initialize the transaction in just a few steps with data stored in the shop. Every transaction is consumer-initiated, so consumers need to give permission the first time for one-click checkout.

In the first request set:

  • consumerEmail (or consumerBillingPhone or consumerBillingMobilePhone for Visa Transactions from 12th August 2024)

  • consumerBillingFirstname

  • consumerBillingLastname

  • consumerChallengeIndicator must be set to 04,

  • merchantTokenizationFlag must be set to true.

If "emerchantpay" is the chosen acquirer, parameters consumerBillingAddress1, consumerBillingCity, consumerBillingZipCode and consumerBillingCountry must be added.

We recommend optional parameters consumerAuthenticationMethod and consumerShippingItemAvailability.

If the result is received after the payment is done then the 3DS2 process is completed for the first payment. If the consumer wants to pay again, the checkout has to be initialized again. Set the sourceOrderNumber with the orderNumber value from the previous payment in the new request. If the process is done by QMORE Checkout Seamless then don’t refer to any Data Storage session again and proceed to the frontend init.

The parameters orderIdent and storageID must not be used in combination with the parameter sourceOrderNumber.

Subscription Model

With this model, consumers must be informed regarding the terms of the agreement when setting up the recurring payment plan. The first transaction needs an SCA since transactions are merchant-initiated.

In the first request set:

  • consumerEmail (or consumerBillingPhone or consumerBillingMobilePhone for Visa Transactions from 12th August 2024)

  • consumerBillingFirstname

  • consumerBillingLastname

  • consumerChallengeIndicator must be set to 04,

  • merchantTokenizationFlag must be set to true.

If "emerchantpay" is the chosen acquirer, parameters consumerBillingAddress1, consumerBillingCity, consumerBillingZipCode and consumerBillingCountry must be added.

We recommend optional parameters consumerAuthenticationMethod and consumerShippingItemAvailability.

If the result is received after the payment is done then the 3DS2 process is completed for the first payment.

The merchant has to use the recurPayment backend operation with the sourceOrderNumber, the merchantTokenizationFlag with the value true and the periodicType with the value recurring. The sourceOrderNumber is the orderNumber from the last recurring transaction; if the last transaction was the initial transaction, use its orderNumber as the sourceOrderNumber instead.

Recurring Payment with Different Amount by Each Payment

Unlike the subscription model, where recurring payments happen with the same amount on a fixed date, PSD2 also allows unscheduled merchant-initiated transactions (unscheduled credential on file, UCOF). Merchants have to consider that consumers must be informed regarding the terms of the unscheduled credential on file. The first transaction needs an SCA since transactions are merchant-initiated.

In the first request set:

  • consumerEmail (or consumerBillingPhone or consumerBillingMobilePhone for Visa Transactions from 12th August 2024)

  • consumerBillingFirstname

  • consumerBillingLastname

  • consumerChallengeIndicator must be set to 04,

  • merchantTokenizationFlag must be set to true.

We recommend optional parameters consumerAuthenticationMethod and consumerShippingItemAvailability.

If the result is received after the payment is done then the 3DS2 process is completed for the first payment.

The merchant has to use the recurPayment backend operation with the sourceOrderNumber, the merchantTokenizationFlag with the value true and the periodicType with the value ucof. The sourceOrderNumber is the orderNumber from the last recurring transaction; if the last transaction was the initial transaction, use its orderNumber as the sourceOrderNumber instead.
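
The parameter rules for the one-click, subscription and UCOF use cases above can be checked on the merchant side before a request is sent. The following is an added example, not code from the QPAY/QMORE documentation. The function names, the acquirer, visa and credential_on_file arguments, the string encoding of values and the reading that the phone fields replace consumerEmail only for Visa are assumptions of this example.

```python
# Added example: pre-flight checks for the parameter rules on this page.
# Function names, arguments and the string encoding of values ("04", "true")
# are assumptions of this example, not part of the QPAY/QMORE API.
VISA_CONTACT_ALTERNATIVES = ("consumerBillingPhone", "consumerBillingMobilePhone")
NAME_FIELDS = ("consumerBillingFirstname", "consumerBillingLastname")
EMERCHANTPAY_FIELDS = ("consumerBillingAddress1", "consumerBillingCity",
                       "consumerBillingZipCode", "consumerBillingCountry")


def check_initial(params, acquirer=None, visa=False, credential_on_file=False):
    """Violations for an initial request (the one that carries SCA)."""
    missing = [k for k in NAME_FIELDS if not params.get(k)]
    # Reading used here: the phone fields replace consumerEmail only for Visa.
    alternatives = VISA_CONTACT_ALTERNATIVES if visa else ()
    if not params.get("consumerEmail") and not any(params.get(k) for k in alternatives):
        missing.append("consumerEmail")
    if acquirer == "emerchantpay":
        missing += [k for k in EMERCHANTPAY_FIELDS if not params.get(k)]
    problems = ["missing " + k for k in missing]
    if credential_on_file:  # one-click, subscription or UCOF set-up
        if params.get("consumerChallengeIndicator") != "04":
            problems.append("consumerChallengeIndicator must be 04")
        if params.get("merchantTokenizationFlag") != "true":
            problems.append("merchantTokenizationFlag must be true")
    return problems


def check_one_click_followup(params):
    """Violations for a later consumer-initiated one-click checkout init."""
    problems = []
    if not params.get("sourceOrderNumber"):
        problems.append("missing sourceOrderNumber")
    for k in ("orderIdent", "storageID"):
        if k in params:
            problems.append(k + " must not be combined with sourceOrderNumber")
    return problems


def build_recur_payment(initial_order_number, later_order_numbers, periodic_type):
    """Parameters this page names for recurPayment; other fields are omitted."""
    if periodic_type not in ("recurring", "ucof"):
        raise ValueError("periodicType must be recurring or ucof")
    # Chain to the last recurring transaction, else to the initial one.
    source = later_order_numbers[-1] if later_order_numbers else initial_order_number
    return {"sourceOrderNumber": source,
            "merchantTokenizationFlag": "true",
            "periodicType": periodic_type}
```

An empty list from either check function means the request satisfies the rules stated on this page; it does not cover any other parameter the interface requires.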