Upgrade Paypal payment gateway integration to SCA PSD2

Strong Customer Authentication (SCA) is a new European requirement created to make online payments more secure. When a European shopper makes a payment, extra levels of authentication will be required at the time of the transaction. If you are having an E-commerce website, you are dealing with the online transactions. It is a necessary thing to have a strong and authenticate your Payment gateway for you and your end users.

The majority of online transactions will be covered under SCA. PSD2 has made it mandatory for service providers to facilitate SCA. PSD2 requires SCA when the following situations arise:

  1. Accessing payment accounts online
  2. Initiating electronic transactions
  3. Any action carried out through a remote channel that presents a risk of payment fraud.

SCA is more than just entering a password. Authentication must include two or more of the following:

  1. Something you know (e.g Password, Pin)
  2. Something you have (Mobile phone, Wearable device)
  3. Something you are (Fingerprint, facial features)

It will be compulsory to use Strong Customer Authentication in Europe Economic Area from 14 September 2019.

If You are using PayPal Pro direct to accept card payments on your website, you’ll need to update your payment integration to meet the card issuer's PSD2 obligations.

PayPal enables access to account use cases for TPPs through PayPal’s REST stack. Through PayPal's reliable and proven APIs, TPPs can access the same PayPal systems that power all of PayPal's merchant and consumer experiences.

Integration steps for PayPal Pro Direct

Complete the following steps to integrate 3-D Secure into your existing Direct Payment integration:

1. Register with CardinalCommerce

Before you can use Cardinal Cruise to obtain cardholder authentication, you must register with CardinalCommerce. After you have registered, CardinalCommerce acknowledges your 3-D Secure registration by sending you an email and welcome pack, which includes information about next steps and links for downloading their documentation.

2. Integrate Cardinal Cruise Standard

A Cardinal Cruise integration consists of a JavaScript file called Songbird.js, JSON Web Tokens (JWT) for client authentication, JSON objects to pass from your merchant front-end environment to Cardinal, and event handlers to know when events have completed.

Refer to the CardinalCommerce documentation.

The diagram below shows the high-level event execution order of a transaction from the merchant's perspective.

3. Test your integration using CardinalCommerce's test procedures

You can't use PayPal's sandbox for testing your Cardinal Cruise integration. You must use CardinalCommerce's test procedures.

4. Make Direct Payment transaction requests using 3-D Secure fields

Once the cardholder is authenticated, execute the direct payment transaction request and include the following 3-D Secure fields:


Add comment