PSD2 compliant payment gateway

Need a payment gateway that supports Strong Customer Authentication (SCA) requirements for the EU Payment Services Directive (PSD2)? The EU requirements went into effect September 14, 2019 and like many new regulatory and card acceptance rules changes, some payment gateways are ready, some are not, and some may never get updated. This article addresses online payments and ecommerce transactions only.

Do US companies with a US merchant accounts need to comply with PSD2?

Yes. This is hard to decipher when researching, but the key is, yes must comply if a transaction even ‘passes through’ the EU.

  • One leg out (OLO) transactions in any currency (where one of the Payment Service Providers (PSPs) is located inside the EEA and the other PSP is located outside the EEA). For example, a transaction involving US merchant account and an EU card issuer.

How does PSD2 Strong Cardholder Authentication impact US merchants?

  • It’s not required for Ecommerce transactions from EU cardholders to US merchants with US merchant accounts.
  • US merchants may experience increased issuer declines if not using SCA.
  • US merchants will likely experience increased fraud as the pool of web sites shrinks where criminals can commit fraud and get away with it.
  • GDPR regulations for ecommerce transactions from EU cardholders to US merchants with US merchant accounts does apply; choose payment gateways that support both GDPR and 3DS v2.2.0.

Which online payments are exempt from PSD2?

  • Commercial cards where there is no cardholder name, and thus no way to authenticate an individual.
  • Recurring transactions for the same amount- PSD 2 applies for the initial transaction. If the amount changes, PSD 2 applies. PSD 2 applies for Unscheduled Credential On File for each transaction unless cardholder whitelists as per next item.
  • White-lists of trusted beneficiaries- cardholders can notify their issuer to allow payments to go through without SCA after initial transaction.

How can merchants get compliant with PSD2?

Merchants should use a payment gateway that supports 3DS v2.2.0, which supports Strong Customer Authentication or SCA. Visa specifically states in their rules (Table 5-17: Acquirer Support of Visa Secure by Region/Country – Requirements) that acquirers in the EU must process transactions using Visa Secure, which is their version of 3D Secure, a global protocol for securing card not present transactions. Only 3D Secure 2.x, not 1.0, meets the PSD2 requirements, with v2.2.0 being the most current as of this writing. This will get merchants compliant with PSD2.

Which payment gateways support 3DS v2.2.0?

Because the payment gateway may one of multiple components in the checkout process it may not be on a certification list. One popular payment gateway apparently is not being updated- Authorize.net; users are advised to upgrade to Cybersource per the Cybersource web site.

Want a GDPR and 3DS v2.2.0 compliant payment gateway for your business? Contact us for solutions.

Resources:

  • EU US Privacy Shield https://ec.europa.eu/info/sites/info/files/2016-08-01-ps-citizens-guide_en.pd_.pdf
  • EU Law https://eur-lex.europa.eu
  • UK Financial Conduct Authority https://www.fca.org.uk/firms/revised-payment-services-directive-psd2
  • https://www.cybersource.com/en-EMEA/psd2/upgrade/
  • Card network rules (links)
  • https://www.worldpay.com/en-gb/merchants/psd2

DISCLAIMER: condensed and incomplete information! Information may be quickly outdated.

Want a GDPR and 3DS v2.2.0 compliant payment gateway for your business? Call Christine Speedy, 954-942-0483, 9-5 ET.

American Express SafeKey for hotels

Direct from American Express hospitality industry webinar, hotels number one protection from card not present fraud is American Express SafeKey®. SafeKey leverages the global industry standard, 3-D Secure®*, to detect and reduce online fraud by adding an extra layer of security when Card Members pay online.

How to mitigate 3rd party authorization chargeback risk? Merchant best practices:

  • Ensure the cardholder participated in the initial transactions. Safekey is the best method to prove that, making signatures irrelevant.
  • Get written authorization of what expenses the cardholder will allow.
  • Put cardholder name on the folio.
  • Show where cardholder opted in to all policies, including damages, cancellation etc.
  • Authorization must be CARD NOT PRESENT.
  • Use solution that includes cardholder name in the authorization response; retrievable record.

American Express SafeKey

How does Amex SafeKey impact the customer shopping experience? The cardholder may have some or no difference in the checkout experience, based on many factors, including prior online shopping history. The cardholder may be asked authentication question(s) to confirm it’s really the cardholder.

How does Amex SafeKey impact merchants?

  • Fraud liability for “It wasn’t me, I didn’t authorize it” goes away as liability shifts back to the issuer.
  • For business to business, where cardholder billing and shipping address frequently vary, cardholder authentication plays an important role not available with four digit CID security code validation only.
  • At this writing, American Express merchants do not receive a specific interchange discount as may be available with other card brands.

How can merchants adopt the Amex SafeKey service?

  1. Enroll your company on the American Express web site. https://network.americanexpress.com/globalnetwork/safekey/us/en/merchants-acquirers
  2. Receive e-mail from SafeKey Certification Team with your SafeKey ID and next steps.
  3. SafeKey Certification Team gets approval from Acquirer.
  4. Acquirer and SafeKey Certification Team complete required setup.
  5. Activate 3-D Secure on the application. (Ecommerce shopping cart, payment gateway, or ERP.) Both payment gateway and application must support the service.

* 3-D Secure is a registered trademark of Visa International Service Association in the United States and other countries.

Want to add American Express SafeKey to your business and get a great third party authorization form solution all included? Contact CenPOS global sales and integrations reseller, Christine Speedy, 954-942-0483 for more information.

10 Most Promising Payment and Card Solution Providers 2019

Who made the top 10 list of of most payment and card solutions providers? The first ten companies to fork out $3000, which 3D Merchant Services declined to pay. The criteria for getting on the top ten list of anything and then to top google search results is usually all about the money, not the product. Here’s an actual offer for how to get on the top ten list, just pay the bucks and you’re in!

Greetings from MyTechMag, a technology magazine which has already proved its strong hold in various industries and technology vertical. Now MyTechMag is all set to explore the Payment industry focusing on the Payment and Card Solution Providers. With great pleasure I would like to communicate that our Editorial team has selected as one among the “10 Most Promising Payment and Card Solution Providers 2019”.

Payments are now evolving at a rapid pace with new providers, new platforms, and new payment tools launching on a near daily basis.The payments industry would be in a transformational state in 2020. The ongoing war with alternative payment channels will intensify and challenges in emerging markets would force the incumbents to take drastic measures.

I was exploring the possibility of participating in this special edition. We offer a one-page profile to all the Top 10 companies. We would be keen to feature a one-page exclusive profile about  in our upcoming Payment and Card edition. The company profile will provide an in-depth perspective of the company’s product offerings, strengths, and unique proposition. The Payment and Card special edition will be sent to 166,000 technology leaders across the industry verticals.

The Branding package is at a cost of $3,000
* would have unlimited digital and prints right for the one-page profile with Senior Executives photo.
* One Full Page color advertisement space in the magazine.
* will also receive the logo of the “10 Most Promising Payment and Card Solution Providers 2019”.
* We would be happy to host all the news from your company on our website.

This is undoubtedly going to optimize your company visibility as it will reach 166,000 senior leaders, and key decision makers across the industry. Kindly go through the same and let me know your thoughts on how you would like to take this opportunity ahead.

I look forward to hearing from you.

When you need to find the best payment processing solution or credit card processing solution, call a professional and have a conversation. How knowledgeable is that person? For web sites, does it have material relevant for your business?

Did you find this web site useful? Call Christine Speedy, PCI Council QIR certified, for all your payment processing solutions needs. Have a knowledgeable professional helping you maximize profits. 954-942-0483, 9-5 ET.

MasterCard and Visa Class Action Suit Update 2019

The U.S. District Court in the Eastern District of New York has preliminarily approved a proposed settlement of between $5.54 Billion and $6.24 Billion in a class action lawsuit against Mastercard, Visa and member banks. Millions of merchants were sent direct mail solicitations from law firms in 2019, possibly creating confusion about how to process claims.

visa mastercar payment card settlment
Official court notification sample and official settlement web site.

The final approval hearing is November 9, 2019 and if nothing changes, merchants will be able to file their claim through a simple process. Merchants will automatically be notified about the process; at this time, there is nothing to do.

In the interim, if you have any questions, please visit the official settlement website www.paymentcardsettlement.com.

EMVCo Launches EMV 3-D Secure 2.2.0 Testing Programme

Confirms that EMV 3-D Secure products support merchant whitelisting functionality and authentication of additional e-commerce payment scenarios.

25 June 2019 – EMVCo has updated the EMV® 3-D Secure (EMV 3DS) Testing Programme which includes test platform and process updates to support the EMV 3DS 2.2.0 Core Specification and EMV 3DS 2.2.0 SDK Specification released in December 2018.
Using the EMV 3DS Test Platform, EMV 3DS product providers can validate that their products support all the enhancements introduced in EMV 3DS 2.2.0, such as the exemptions to Strong Consumer Authentication (SCA) for the European Second Payment Services Directive (PSD2). Additionally, the test platform will also validate support for FIDO enhancements, and authentication for new payment scenarios, such as mail order and telephone purchase transactions.

“Testing and approving 3DS products using the EMV 3DS Test Platform provides the industry with confidence that 3DS products are aligned with the EMV 3DS specifications to ensure delivery of effective and convenient e-commerce authentication,” comments Karteek Patel, EMVCo Executive Committee Chair. “Our specifications and testing frameworks can’t be static. EMVCo works with industry experts to ensure the 3DS infrastructure supports the latest requirements of e-commerce stakeholders.”


EMVCo’s EMV 3DS Testing Programme, launched in August 2018, has approved more than 100 3DS products to date. This update to the Test Platform references additional features for merchants and issuers to maximise the benefit of the available SCA exemptions, including the ability of a consumer to whitelist a merchant.
EMV 3DS is a messaging protocol that promotes secure, frictionless consumer authentication for card-not-present, e-commerce purchases across channels and connected devices. To learn more about EMV 3DS, please read the FAQ that is available for download from the EMVCo website.