Enable 3DS2 for CyberSource gateway integration
3D Secure 2.0 (3DS2) is a widely recommended solution for strong customer authentication (SCA) under PSD2. The CyberSource, Payment API v2.0 gateway integration provides support for 3DS2 through the embedded iFrame of Payment Pages 2.0.
To comply with PSD2 using 3DS2, the following updates are required:
Then you can implement and use Payment Pages 2.0 as usual. See Payment Pages 2.0 implementation overview for more information.
Configure 3DS2 settings in Payment Pages
Configure the gateway instance
Only the CyberSource, Payment API v2.0 version supports 3DS2. If you are using an earlier version of CyberSource gateway integration, upgrade your gateway to this version. Contact Zuora Global Support to get access to the CyberSource, Payment API v2.0 gateway.
When configuring the gateway instance, you must enter the following fields on the gateway configuration page in addition to the required fields:
- Organization ID
- API Identifier
- API Key
The values for these fields should be provided by CyberSource. Contact CyberSource Merchant Support to get this information for your merchant account.
Enforce 3DS2 authentication challenge
A Force SCA Challenge on 3DS Requests setting is available on the gateway setting page for your CyberSource v2.0 instance. By selecting this setting, the challengeCode=04
indicator will be passed to the CyberSource gateway to request the cardholder challenge. The 3DS2 authentication challenge will be enforced if possible. Ultimately, it is the issuing bank that determines whether a card needs to be authenticated through a challenge. See CyberSource Payment Gateway for more information.
The "Best practices" section in Zuora’s implementation of 3D Secure 2.0 provides best practices for reducing the possibility of failed transactions due to 3DS2 authentication errors.
SCA grandfathering
CyberSource supports grandfathering saved cards. You must select Recurring for the Commerce Indicator dropdown list so that transactions made using the credit cards already saved in your Zuora tenant are highly likely to be exempted from SCA. Select Recurring also prevents the high payment decline rate due to the error code 478
.