Strong Customer Authentication (SCA) is a new European requirement created to make online payments more secure. When a European shopper makes a payment, extra levels of authentication will be required at the time of the transaction. If you run an e-commerce website, you are dealing with online transactions, so it is necessary to have strong authentication on your payment gateway, for you and your end users.
The majority of online transactions will be covered under SCA. PSD2 has made it mandatory for service providers to facilitate SCA. PSD2 requires SCA when the following situations arise:
- Accessing payment accounts online
- Initiating electronic transactions
- Any action carried out through a remote channel that presents a risk of payment fraud.
SCA is more than just entering a password. Authentication must include two or more of the following:
- Something you know (e.g. password, PIN)
- Something you have (e.g. mobile phone, wearable device)
- Something you are (e.g. fingerprint, facial features)
Strong Customer Authentication will be compulsory in the European Economic Area (EEA) from 14 September 2019.
Some EEA countries may be delaying their enforcement of PSD2 and SCA. There is a helpful "cheat sheet" outlining the latest developments: http://bit.ly/psd2Sep14. However, you should NOT STOP getting ready for PSD2 as some issuers may not honor the "2-leg in" rule. So, even if your acquirer is in a country that has opted to delay their rollout of PSD2, some of your transactions may still be challenged for SCA.
If you are using PayPal Pro Direct to accept card payments on your website, you'll need to update your payment integration to meet the card issuer's PSD2 obligations.
PayPal enables access-to-account use cases for third-party providers (TPPs) through PayPal's REST stack. Through PayPal's reliable and proven APIs, TPPs can access the same PayPal systems that power all of PayPal's merchant and consumer experiences.
Integration steps for PayPal Pro Direct
Complete the following steps to integrate 3-D Secure into your existing Direct Payment integration:
1. Register with CardinalCommerce
Before you can use Cardinal Cruise to obtain cardholder authentication, you must register with CardinalCommerce. After you have registered, CardinalCommerce acknowledges your 3-D Secure registration by sending you an email and welcome pack, which includes information about next steps and links for downloading their documentation.
2. Integrate Cardinal Cruise Standard
Refer to the CardinalCommerce documentation.
The diagram below shows the high-level event execution order of a transaction from the merchant's perspective.
3. Test your integration using CardinalCommerce's test procedures
You can't use PayPal's sandbox for testing your Cardinal Cruise integration. You must use CardinalCommerce's test procedures.
4. Make Direct Payment transaction requests using 3-D Secure fields
Once the cardholder is authenticated, execute the direct payment transaction request and include the following 3-D Secure fields: