All card brands – sunset of 3-DS 2.1
All card schemes have confirmed the sunsetting of support for EMV 3-DS 2.1 from September 2024.
Key Dates
24 September 2024 |
Support for EMV 3-DS 2.1 in transaction processing ends |
---|
24 September 2024
Support for EMV 3-DS 2.1 in transaction processing ends
After 24 September 2024, no transactions authenticated using EMV 3DS 2.1 can be processed.
In addition Mastercard has also announced a requirement to support additional EMV 3DS features:
- All ecommerce businesses must support and perform authentication app re-direction through the merchant app, the 3DS SDK and EMV 3DS v2.2 transactions if the cardholder authentication method is out of band (OOB).
- 3RI payments are optional, however they offer you the ability to system-generate a payment transaction when the cardholder is not in session. These transactions are used where there is an initial purchase transaction while the cardholder is in session, called consumer-initiated transaction (CIT), followed by subsequent transactions that are 3RI merchant-initiated transaction (MIT). With 3RI payments, you can provide evidence, using the DS Transaction ID field, that strong customer authentication (SCA) has been performed where the customer was involved and maintain your fraud liability protection for the full amount that has been authenticated.
What you need to do:
To avoid non-compliance penalties, you should contact your gateway support team to make sure they are correctly supporting EMV 3DS 2.2 in line with the above requirements, and that they are aware of the recently announced sunset dates for EMV 3DS 2.1.
Mastercard – PSD2 optimisation programme for soft declines
Under PSD2, most ecommerce transactions require strong customer authentication (SCA) unless an exemption or exclusion (like merchant-initiated transactions (MITs)) is applied.
To satisfy these PSD2 SCA requirements, customers are required to use EMV 3DS, an appropriate exemption, or any other SCA-compliant method to avoid issuer SCA soft declines. A SCA soft decline is a declined authorisation where the issuer requests SCA to make it successful. In the event you receive a soft decline you should re-submit the authorisation after successfully authenticating your customer with 3DS.
Mastercard launched the PSD2 optimisation program to monitor transactions to check if EMV 3DS was used after a SCA soft decline. Where a customer is identified as failing this check, under this programme, non-compliance penalties could apply.
What you need to do:
You should contact your gateway support team to make sure that when transactions are soft declined, the transaction is retried with EMV 3DS. For more information relating to PSD2 please visit our website at https://www.elavon.ie/insights/news/psd2.html