3-D Secure v1 will be sunset starting October 2021 (fully retired October 2022). In the interest of security, and to ensure your transactions meet the PSD2 mandate, you must immediately migrate your solution to use 3-D Secure version 2 (EMV 3DS). Click here to learn how.
Migrating to EMV 3DS will likely lead to an increase in authentication approvals on your site, as improvements to security checks performed in the background reduce the need to challenge customers to take additional steps to prove their identity. Challenges have also been made faster and easier for legitimate customers to complete, as EMV 3DS can allow them to authorise a transaction using their banking app, or through biometric security such as fingerprint/facial recognition (if their bank supports it), and exemptions can be applied to bypass authentication in certain lower-risk scenarios (contact your acquiring bank for further information on exemptions).
For those using our API, check the response
- If you are using version 3 of our JavaScript Library or our Mobile SDK, all transactions will attempt EMV 3-D Secure version 2, providing you specify the “THREEDQUERY” request in your JWT payload. Check the value of the threedversion field returned in the JWT response to determine the 3-D Secure version.
(See below to learn about situations where transactions may be downgraded to 3-D Secure version 1) - If you are using version 2 of our JavaScript Library, all transactions will attempt EMV 3-D Secure version 2. Check the value of the threedversion field returned in the JWT response to determine the 3-D Secure version.
(See below to learn about situations where transactions may be downgraded to 3-D Secure version 1) - If you are using version 1 of our JavaScript Library or using our Webservices API, transactions will attempt 3-D Secure version 1 if you have configured your solution to do so (this involves submitting a THREEDQUERY request to check enrolment, and then manually redirecting the customer’s browser to the card issuer’s ACS server for authentication).
Check our records by performing a transaction query
You can submit a TRANSACTIONQUERY request to Trust Payments using our Webservices API, passing through the transactionreference of the relevant AUTH. Check the value of the threedversion field returned in the record to determine the 3-D Secure version.
Check our records by signing into MyST
Sign in to MyST and view the details of transactions you have been processing. The 3-D Secure version should be displayed under the “3-D Secure” tab.
About downgrades to 3-D Secure version 1
If the customer’s card is not enrolled in a 3-D Secure version 2 scheme, the card will instead be checked for enrolment in a 3-D Secure version 1 scheme. If this is the case, 3-D Secure version 1 standard is used instead, to ensure the customer is authenticated. For this reason, even if your site reference(s) is configured to use 3-D Secure version 2, some payments in your records may still be shown as processed using 3-D Secure version 1.