Important changes to the EcomMerchant service
From the 1st September 2019 we will be changing the way our service operates for online payments (often referred to as ECOM Payments). Recent changes in the law with the introduction of the Payments Services Directive 2 (PSD2), has meant we will now need to incorporate 3D Secure into all online payments. For this to occur we will need to add the 3D Secure service to all merchants who process card payments online through our EcomMerchant gateway. This change will see a change in price to all ECOM accounts from £12.00 (excluding any add-ons) to £15.00 per month to include the price of the 3D Secure service. This is not a price increase but instead a regulatory requirement to include the 3D Secure service into all ECOM accounts. The changes will mean a reduction in online fraud and will enable merchants who process online transactions to obtain a liability shift resulting in your acquiring bank underwriting any potential losses you experience through online fraud. It will also mean you avoid ‘non-secure’ fees for ECOM transaction levied by your acquiring bank (typically between 0.5% to 0.85%). This changes does not affect merchants who use our service for MOTO only transactions.
What is PSD2 ?
By now, you should have received contact from your acquiring bank (who supply your Internet Merchant Account) regarding this new directive. Payments Services Directive 2 (PSD2) follows on from Payment Services Directive (PSD), which was imposed by the EU in 2007. This legislation established a single market for EU payments to champion the creation of more secure and advanced payment services. One of the key aims of PSD2 is the introduction of SCA (Strong Customer Authentication).
What is SCA ?
SCA (Secure Customer Authentication) will have a significant impact on how all merchants take card payments online from their customers (purchasers). In order to make a payment once the directive has been imposed (currently expected on the 14th September 2019) all online payment transactions (certain exceptions apply) will need to be processed and authenticated in line with the new Regulatory Technical Standards (RTS). This means that 3D Secure version 1 must be present as a minimum.
What is 3D Secure ?
3D Secure has been around for over ten years and is a scheme set up by the card brands and banks (e.g. Verified by Visa, MasterCard SecureCode, American Express Safekey) to provide additional online security for online transactions. With 3D Secure the card holder will either enrol with their card issuer or be enrolled automatically and any online transactions made will be either authenticated automatically by the card issuer (using risk assessment based on purchase price, transaction history, spending patterns etc) or by the card holder entering a previously activated password. The advantages of having it enabled are the reduction to the risk of chargebacks and fraud and increasing customer confidence. It is something we as a company and our acquiring bank partners strongly recommend that a merchant enables with us for online transactions and will be mandatory from the 1st September for all EcomMerchant customers using ECOM Payments.
A new version of 3D Secure (version 2) soon to be available, will make authentication stronger and more secure by imposing a two-factor authentication requirement. This means that it all online payments will require two out of three possible security checks before a payment can be authorised. This new version uses over 100 data points to help determine if a transaction is deemed valid or not. In principle, the authentication would be two out of three of the following:
Something you own (Mobile phone, wearable tech, Smart card/keypad etc)
Something you know (Password, passphrase, PIN, security question etc)
Something you are (Facial recognition, fingerprint, iris scan etc)
How do I enrol for 3D Secure version 1 (either now or for September) ?
Depending on which acquiring bank you are using we can either do the enrolment for you or give you the instructions to do so (see below). In either case once you are enrolled we will implement the service and make it live for you. There will be no changes required on the PayPage integration from your side.
What happens if I don't agree to the change of terms ?
Transactions processed without 3D Secure v1 or v2 from this date may automatically be declined by the issuing bank leaving you with fewer sales as a result. As such, the service will be automatically included on all EcomMerchant accounts from 1st September 2019 with the monthly billing adjusted accordingly. Customers within their initial 12 month contract will not see their monthly billing change until after their initial 12 month contract matures. If you expressly wish not to have your account enrolled please contact the Sales team as soon as possible and we will note this on your account and leave it as ‘non-secure’ on the understanding that you have been made aware of the implications as indicated.
Barclaycard – you will need to contact the Barclaycard EPDQ Support team directly via [email protected] or 0844 8240230 and ask them to activate MasterCard SecureCode for you (Verified by Visa will be done automatically). You will need to give them your merchant number which should be visible on any statement (we can confirm this for you if you cannot find it). They will then send (or re-send if previously registered but not activated) you an email with the subject “Internet Authentication Next Steps” which needs to be forwarded to [email protected] in order for us to activate 3D Secure for you. This applies whether done now or in September.
First Data – we will enroll and activate 3D Secure for you from 1st September
Global Payments - we will enroll and activate 3D Secure for you from 1st September
WorldPay - we will enroll and activate 3D Secure for you from 1st September
American Express – you will need to enroll for Safekey through American Express directly either online or by calling 0800 339911. You will need to give them your merchant number which should be visible on any statement (we can confirm this for you if you cannot find it). Once enrolled you will need to forward the confirmation email to [email protected] in order for us to activate 3D Secure for you. This applies whether done now or in September.
If you are unsure about any of the above please contact the Sales team on 0844 856 0681 opt 1 or email [email protected] and we will assist you as much as possible.
What happens if the UK comes out of the EU - will PSD2 still apply ?
We are lead to believe from the UK government that EU laws will still apply even if we leave the EU. Therefore, it is our understanding that PSD2 will still apply and so the requirement for 3DS/3DS2 will still apply.
Will I automatically be upgraded from 3D Secure version 1 to version 2 ?
It is our intention to roll out version 2 to all pre-existing version 1 users. The implementation is yet to be confirmed.