Support
Company
CUSTOMERS
Stay in Touch
Sign up to our newsletter to stay informed about PCI compliance news, and updates regarding new BlueTime features.
Understanding Visa’s new 3DS data requirements and how to address those in Orchestra
As part of our effort to provide our customers with a comprehensive payment orchestration service, we keep in close contact with the card schemes and other providers in order to provide our customers all the information available – and all the tools necessary, to address changes in the payment world. The following changes apply to performing 3D Secure authentication on Visa cards.
In a recent announcement, Visa advised merchants and providers of changes in the data that it requires for processing 3D Secure transactions. Visa now requires sending Personally Identifiable Information (PII) data in all 3D Secure authentications. According to Visa, the PII data will help issuers decide whether to challenge an authentication request, leading to lower challenge rates and higher approval rates for 3D Secure authentications.
As of 12 August 2024, Visa requires the following parameters be sent in all Visa 3D Secure authentication requests:
Since the very beginning of offering 3D Secure authentications in Orchestra, we have provided our 3D Secure processor the general data now required here. This requirement therefore had no impact on us and naturally, on you.
When sending the 3D Secure authentication request, we pass all the card details that we have stored collected in the form – this includes the card holder’s name. This requirement therefore as well, had no impact on us and naturally, on you.
The requirement of providing the card holder’s email address or phone number is new to us as well and we had to amend our system to add several parameters in our requests to allow you to pass these details to us.
In order to provide the card holder’s email address or phone number, we have enhanced our 3DS library to include two additional parameters where you can provide these values.
All of our documentation pages have been updated with the relevant information.
The new requirements will be strictly enforced as of 12 August 2024. If we do not provide these values to our 3D Secure provider, these authentication requests will be rejected. Therefore, we have implemented a backup process whereby, if the data is not provided in the request to our API, we will provide our own email address as part of the authentication request. We strongly recommend that you collect and send this data when performing 3DS authentication using the 3DS library in Orchestra as this data will be used to validate the authentication requests and while accurate data is designed to help reduce the number of challenges and improve successful authentications, incorrect data may cause the exact opposite with a higher number of challenges and an increase in failed authentications.
Please note, at present, these changes are only applied to 3D Secure authentications of Visa cards. 3DS authentication of other card brands are unaffected.
If you have any questions or concerns, please feel free to contact our support team.
Sign up to our newsletter to stay informed about PCI compliance news, and updates regarding new BlueTime features.