3D Secure 2/Recurring

3D Secure 2/Recurring

SCA is a European regulatory requirement to combat and reduce fraud and make online payments more secure in every aspect.

There are three elements, must be independent of one appendix-caption other, that have to be considered to verify the identity of the consumer: PIN or password, smartphone, and scan or fingerprint.

Supported brands are Mastercard, VISA, American Express, Diners Club, and Discover.

Mandatory is to sent minimum these three request optional parameters consumerEmail, consumerBillingFirstname and consumerBillingLastname.

3DS2 Use Cases

To start the payment process a request must be sent to a specific URL containing 3D Secure 2 request parameters for QPAY Checkout Page and QMORE Checkout Seamless.

You can deposit transactions in the Payment Center, by the backend operation deposit or by the request parameter autoDeposit.

One-Time Payment

One-time payment is a fast way to make a single, non-recurring payment. Every transaction is consumer-initiated, therefore SCA based on PSD2 is required.

One-Click Checkout

Each One-click checkout transaction falls under the SCA requirements because it’s executed by the consumer in session. Merchants have to store credit card data as a token in their webshops for recurring payments. The advantage is that consumers can initialize the transaction just in a few steps with data stored in the shop. Every transaction is consumer-initiated so they need to give permission the first time for one-click checkout.

In the first request you have to set:

  • consumerBillingFirstname, consumerBillingLastname and consumerEmail are mandatory parameters,

  • consumerChallengeIndicator must be set to 04,

  • merchantTokenizationFlag must be set to true.

We recommend optional parameters consumerAuthenticationMethod and consumerShippingItemAvailability.

If the payment is done and you receive the result, the 3DS2 process is also completed for the first payment. If the consumer wants to pay again, the checkout has to be initialized once again as above by the consumer, set the parameter sourceOrderNumber with the orderNumber value from the previous payment in the new request. If you do that by QMORE Checkout Seamless, you must not refer to any Data Storage session again and just proceed to the frontend init.

Parameters orderIdent and storageID must not use combined with the parameter sourceOrderNumber.

Subscription Model

With this model, consumers must be informed regarding the terms of the agreement when setting up the recurring payment plan and the first transaction needs an SCA since transactions are merchant-initiated.

In the first request you have to set:

  • consumerBillingFirstname, consumerBillingLastname and consumerEmail are mandatory parameters,

  • consumerChallengeIndicator must be set to 04,

  • merchantTokenizationFlag must be set to true.

We recommend optional parameters consumerAuthenticationMethod and consumerShippingItemAvailability.

If the payment is done and you receive the result, the 3DS2 process is also completed for the first payment.

The merchant has to use the recurPayment backend operation with the sourceOrderNumber, the merchantTokenizationFlag with the value true and the periodicType with the value recurring. The sourceOrderNumber is the orderNumber from the last recurring transaction and if the last transaction was the initial transaction, use this orderNumber for the sourceOrderNumber instead.

Recurring Payment with Different Amount by Each Payment

Unlike the subscription model where recurring payments happen with the same amount on a fixed date, PSD2 has the possibility to execute unscheduled merchant-initiated transactions (UCOF). Merchants have to consider that consumers must be informed regarding the terms of the unscheduled credential on file. The first transaction needs an SCA since transactions are merchant-initiated.

In the first request you have to set:

  • consumerBillingFirstname, consumerBillingLastname and consumerEmail are mandatory parameters,

  • consumerChallengeIndicator must be set to 04,

  • merchantTokenizationFlag must be set to true.

We recommend optional parameters consumerAuthenticationMethod and consumerShippingItemAvailability.

If the payment is done and you receive the result, the 3DS2 process is also completed for the first payment.

The merchant has to use the recurPayment backend operation with the sourceOrderNumber, the merchantTokenizationFlag with the value true and the periodicType with the value ucof. The sourceOrderNumber is the orderNumber from the last recurring transaction and if the last transaction was the initial transaction, use this orderNumber for the sourceOrderNumber instead.