Zuora’s implementation of 3D Secure 2.0

Knowledge Center > Billing and Payments > PSD2 and strong customer authentication overview > Zuora’s implementation of 3D Secure 2.0

Zuora’s implementation of 3D Secure 2.0

We will continue to update this page as soon as more information and integration details are available from our payment gateway partners. If you have any question, reply in the Community post or reach out to your gateway provider directly. 

As an integrator between merchants and payment gateways, Zuora helps to manage your payment flows in the subscription business. Zuora enables integrations to payment service providers, such as payment gateways and processors, which in turn communicate with the issuing bank. It is ultimately the issuing bank who determines whether a card needs to be authenticated or not.

To be compliant with PSD2, payment gateways must also support SCA. 3DS2 is seen as the standard to support SCA. Zuora ensures that you have the visibility on the status of payment gateways. When a payment gateway is ready to support 3DS2, Zuora will also include or enhance the integration with the gateway to support 3DS2.

Payment gateway support for 3DS2

Zuora integrates with the 3DS2 solution of the following payment gateways before September 14, 2019:

Payment gateway Payment gateway integrations in Zuora Planned support for 3DS2?
Adyen Adyen Integration v2.0 check.png
Adyen cross.png
BlueSnap BlueSnap, Payment API v2.0 check.png
Braintree Braintree check.png
CyberSource CyberSource, Payment API v2.0 check.png
CyberSource Enterprise Gateway, API v1.97 cross.png
CyberSource Enterprise Gateway, API v1.28 cross.png
CyberSource Tokenization cross.png
Ingenico Ingenico ePayments check.png
GlobalCollect (WebCollect Merchant Link) cross.png
PayPal PayPal Payflow check.png
PayPal Payflow Pro cross.png
PayPal Express Checkout cross.png
PayPal(Adaptive Payments) cross.png
JPMorgan Chase Paymentech Orbital Chase Paymentech Orbital Gateway check.png
Chase Paymentech Orbital Gateway, API v7.0.1 cross.png
Chase Paymentech Orbital Gateway API v.6.4.4 cross.png
Chase Paymentech Orbital Gateway, API v6.3.0 cross.png
Stripe Stripe v2 check.png
Stripe v1 cross.png
Worldpay WorldPay 1.4 check.png
WorldPay (Corporate Gateway) cross.png

In the preceding table, the gateway integration versions for which Zuora does not provide 3DS2 support may require a gateway integration version upgrade, gateway migration, or an additional feature to enable the 3DS2 functionality. Zuora recommends you contact your gateway representatives directly.

Zuora is currently not planning to support 3DS2 for all other payment gateways because they claimed that they are out of the scope of PSD2. If these gateways become subject to PSD2 requirements and inform Zuora with their 3DS2 integration, Zuora plans to provide 3DS2 support for these integrations at a later time.

Updates from Zuora

3DS2 authentication through Payment Pages

When configuring Payment Pages, an additional setting called Enable 3D Secure 2.0 is added.   
With this setting enabled, Payment Pages will go through 3DS2 authentication service provided by the payment gateway. 

Required updates from you

To be compliant with PSD2, you must make the following changes:

  • Check if your gateway instance supports 3DS2 as documented in Payment gateway support for 3DS2. If it does not support 3DS2, switch your gateway provider or upgrade your gateway instance to a version that supports 3DS2.
  • Ensure that you are on Payment Pages 2.0.
  • Ensure that you adopt the Stored Credential Transaction framework. It is a requirement of strong customer authentication exemptions. Without stored credential transactions enabled, the payments processed through your tenant are not exempted from SCA and will fail.
  • Update your configuration for Payment Pages 2.0. Zuora supports 3DS2 via the embedded iFrame of Payment Pages 2.0 if the gateway you use is in the preceding table.

    If Direct POST is used, you should implement 3DS2 for your website outside Zuora. As such, you take full control of the card authentication and authorization flow. After you get the networkTransactionId from the gateway, pass through the credit card data along with several required fields for merchant initiated transactions (MITs) to Zuora through Direct POST. See Direct POST Form Fields for Payment Pages 2.0 for the detailed request fields. Note that do not select the Enable 3D Secure 2.0 checkbox on your Payment Page 2.0 configuration page since 3DS2 has been implemented outside Zuora.

Best practices

A website overlay is often used to display the progress after a form is submitted through the iFrame of your Payment Page. However, after 3DS2 is introduced, overlays can block customers from performing strong customer authentication.

Therefore, to facilitate the authentication process, you should remove any overlay that may potentially block the iFrame when integrating with Zuora’s Payment Pages 2.0.

 

Last modified

Tags

Classifications

(not set)