Community News

 View Only
  • 1.  Visa Secure Payer Authentication Update for 3DS Authentication (due August 12th, 2024)

    Posted 07-25-2024 10:20
    Edited by Tyler Schemmel 08-08-2024 06:56

    Overview

     

    Visa has revised their guidelines for 3D Secure (3DS) authentication with a deadline of August 12, 2024. These changes have reduced the total number of required fields from 12 to 5 from their previous announcement in February 2024, but this is still an increase from the previous requirements meaning there will be required updates.

    VISA's reasoning

     

    3DS was implemented with the purpose of authenticating users at the time of transaction in the hopes of reducing fraudulent behavior by proving that the user behind the card is the owner of the card. This has worked, but it has had tangible impacts to friction in sign up flows leading Visa to tweak their requirements. They anticipate the below metrics following the adoption of these new fields:

    • Increase merchant authorization rates by 4%.

    • Increase merchant authentication rates by 6% 

    • Increase fraud detection rates at the issuing bank level by >50%.

    • User sign ups to see an increase in frictionless flows by >50%.

    Requirements

    Several fields are now mandatory during the 3DS authentication flow and all of Zuora's integrations will be updated before the August 12th, 2024 deadline to support these fields. Below is a table describing which actions Zuora will handle for you and which may require an update for our customers. 

     

    Priority Data Fields

    Requirement Status

    Action Required

    Browser IP Address

    Mandatory (Browser)

    None. Zuora collects this information automatically in its hosted page solutions.

    Browser Screen Height

    Mandatory (Browser)

    None. Zuora collects this information automatically in its hosted page solutions.

    Browser Screen Width

    Mandatory (Browser)

    None. Zuora collects this information automatically in its hosted page solutions.

    Cardholder Billing Address City

    Recommended

    None. Customers can choose to add this field to their hosted page solution.

    Cardholder Billing Address Country

    Recommended

    None. Customers can choose to add this field to their hosted page solution.

    Cardholder Billing Address Line

    Recommended

    None. Customers can choose to add this field to their hosted page solution.

    Cardholder Billing Address Postal Code

    Recommended

    None. Customers can choose to add this field to their hosted page solution.

    Cardholder Billing Address State

    Recommended

    None. Customers can choose to add this field to their hosted page solution.

    Cardholder Name

    Mandatory (Browser / In-App)

    Customers must add this field to their hosted page solution.

    Cardholder Email Address

    Mandatory - if Cardholder Phone Number not present (Browser / In-App)

    Customers must add Email Address to their hosted page solution or Contact Phone Number.

    Cardholder Phone Number (Work / Home / Mobile)

    Mandatory - if Cardholder Email Address not present (Browser / In-App)

    Customers must add Contact Phone Number to their hosted page solution or Email Address.

    Common Device Identification Parameters (Device IP Address)

    Mandatory (In-App)

    None. Zuora does not provide any standalone applications.

     

    Zuora will first be enhancing its Hosted Payment Pages 2.0 followed later by its Payment Forms and Payment Links to capture all required fields listed as mandatory for the Browser listed fields in tandem with how our gateway partners support this data collection on the latest versions of our integrations with them. If our partners do not have a stated path for support, Zuora cannot implement a solution. If you are on a legacy version of an integration, we suggest that you migrate to a version that does support these new fields to remain compliant.

     

    Zuora does not offer any in-application experiences so Device IP Address does not apply to us.

     

    For those customers who do not use Zuora's Hosted Pages or Payment Forms, such as DirectPOST users, they are responsible for the inclusion of the parameters expected for their gateway integration(s). 

    Additionally, those customers using the below gateways will be required to collect and submit the Cardholder Email Address as there are current compatibility issues between Zuora and the gateways' required country codes formats. In order to prevent issues with the transaction, we will temporarily halt submission of the phone number to these gateways. To remain compliant, we recommend that you collect the Cardholder Email Address instead:

    • Adyen v2
    • Chase Orbital
    • Checkout.com

    Timeline Unknown

    Zuora is currently working with Chase to understand the requirements for the Chase Paymentech Orbital Gateway integration and will make the appropriate changes once it is ready. We do not currently have a timeline for delivery.

    Deadline extensions

     

    Below are the gateways which have been granted a deadline extension by Visa. 

     

    Gateway

    Extension Date

    Access WorldPay

    August 12, 2025

    WorldPay 1.4

    August 12, 2025

    Chase Mobility

    February 2025



    ------------------------------
    Tyler Schemmel
    Zuora
    ------------------------------



  • 2.  RE: Visa Secure Payer Authentication Update for 3DS Authentication (due August 12th, 2024)

    Posted 07-26-2024 14:00

    Is there a way to display both Phone and Email but REQUIRE only one of them?



    ------------------------------
    Casey Wright
    SimpliSafe
    ------------------------------



  • 3.  RE: Visa Secure Payer Authentication Update for 3DS Authentication (due August 12th, 2024)

    Posted 07-29-2024 13:19

    Hi Casey,

    Yes, when configuring your Hosted Payment Pages, you can choose to check the boxes to 'Display' both but you would only check the 'Required' box on the one of the two you want to make mandatory for users to select.



    ------------------------------
    Tyler Schemmel
    Zuora
    ------------------------------



  • 4.  RE: Visa Secure Payer Authentication Update for 3DS Authentication (due August 12th, 2024)

    Posted 08-15-2024 19:34

    Just to be sure, if we added the phone number requirement on our hosted payment page and with this Visa change, this won't affect existing customer that already has the card added to their account's payment method right?

    Just want to make sure that we won't need to require information from existing customer before we can re-charge them



    ------------------------------
    George Huang
    ------------------------------



  • 5.  RE: Visa Secure Payer Authentication Update for 3DS Authentication (due August 12th, 2024)

    Posted 08-16-2024 06:30

    Hi George,

    No, there is no change to existing customers. This change only affects new user acquisition requirements.



    ------------------------------
    Tyler Schemmel
    Zuora
    ------------------------------