The 3D Secure 2.0 feature is in Limited Availability. If you want to enable this feature for your Zuora tenant, contact Zuora Global Support.
3D Secure 2.0 (3DS2) is a widely recommended solution for strong customer authentication (SCA) under PSD2. Zuora's Ingenico ePayments gateway integration provides support for 3DS2 through the embedded iFrame of Payment Pages 2.0.
To comply with PSD2 using 3DS2, the following updates are required:
- Enable 3DS2 for your Ingenico merchant account.
- Configure 3DS2 settings in Payment Pages.
Then you can implement and use Payment Pages 2.0 as usual. See Payment Pages 2.0 implementation overview for more information.
The integration flow is identical to the Payment Pages without 3DS2, whereas the processing flow from the perspective of end customers is different from before. If end customers are challenged while transacting on your Payment Page, they will get held up on the challenge window before passing the validation. The callback page is displayed only when they are authenticated. A created payment method ID is also returned.
If your customers failed the strong customer authentication, the
[ThreeDs2_Authentication_Exception] error code and the actual error message are returned. The error code is common across all gateways, while the error message is gateway-specific.
Enable 3DS2 for your merchant account
Before configuring your Zuora tenant, you must enable 3DS2 for your Ingenico merchant account. Contact Ingenico Corporate Support to get 3DS2 enabled.
If you are using the GlobalCollect (WebCollect Merchant Link) gateway integration in Zuora, you can migrate to Ingenico ePayments to enable 3DS2. Contact Ingenico Corporate Support to correctly set up your merchant account so that payments can be collected via Ingenico ePayments. Later, you can configure an Ingenico ePayments gateway instance. The API Key ID and Secret API Key can be found in the Ingenico ePayments console.
Enable 3DS2 settings in Payment Pages
When setting up a Payment Page, select the Enable 3D Secure 2.0 checkbox and select the created gateway instance from the Default Payment Gateway dropdown list. You can complete other settings as usual.
Zuora recommends you to enable the CAPTCHA challenge feature so that you can limit the number of times end customers can attempt to submit the form after they fail the authentication. CAPTCHA challenge can be used with the 3DS2 feature to prevent potential bot attacks and reinforce the transaction security.
To enable CAPTCHA challenge, you should set a positive integer for both the Limit the number of submission before CAPTCHA Challenge and Limit the number of submission before blocking Submission fields when configuring the Payment Page.
The following limitations apply to the Ingenico ePayments gateway:
- Do not enable both 3D Secure and 3D Secure 2.0 in the Payment Page.
- As of September 5, 2019, the Ingenico ePayments gateway is not ready with
schemaTransactionIdthat is related to the grandfathering approach. Therefore, the
initialSchemaTransactionIdfield is not included in the payment response. This is a known issue and Ingenico is working on it.