PASA 3D Secure mandate
With online fraud being top of the agenda for the Payment Association of South Africa (PASA), the body has taken the decision to make it compulsory for all e-commerce merchants to be enrolled in the 3D Secure program by the 28th of February 2014.
What is 3D Secure?
As more and more consumers shop online, new risks are exposed. The anonymity of the internet poses the danger of unauthorised credit card purchases as there is no way of telling if the shopper is in fact the authorised holder of the card used for payment. In light of these increasing risks to you, the card issuers realised that reducing chargeback risk is important in order for the industry to grow.
3D Secure, a technical standard created by Visa and MasterCard, provides an extra step during the online payment process to verify the shopper’s identity. This was introduced to help reduce online fraud risk, and safeguard credit card transactions. More information provided here
The benefit of 3D Secure for merchants
Merchants enrolled for 3D Secure will have their chargeback risk reduced by shifting the responsibility of the transaction chargeback risk to the issuing bank of the cardholder. For more information on 3D Secure and the associated liability shift for transactions, please view the PayU 3D Secure merchant guide.
The impact of the PASA decision on PayU merchants
All PayU merchants need to implement the required functionality to ensure that their customers are able to successfully transact with 3D Secure on their website by the 28th of February.
Steps required to enable 3D Secure on your website:
1. Technical implementation
Depending on the type of integration you have with the PayU payment platform, different actions will be required as set out in their respective developer section:
Please consult with your development team or contact the PayU integration team via email if you are unsure of your integration type.
2. 3D Secure customer education
- Explain what 3D Secure is and the benefits of the program
Outline the extra steps added to the payment process. This will help manage customer expectations and reduce potential drop off:
- they will be redirected to their issuing bank's 3D Secure One Time Pin (OTP) capture page
- they will need to enter the OTP received via SMS on this capture page
- they will then be redirected to your website and a message will be displayed to indicate whether the payment was successful or not.
- Display the relevant 3D Secure logos on your website:
Exclusion of mobile devices
PASA has made a concession to exclude any e-commerce transactions that are concluded on a mobi site or native application from the February 2014 mandate for a limited period of 6 months.
In summary, merchants are required to implement 3D Secure by the due date of 28 February unless it is not technically possible to apply 3D Secure on the channel, specifically native applications on mobile devices (including phones and tablets) and in cases where mobi site configurations are used. Please download and read the full PASA mobile device extension notification here. Please contact PayU if you are processing mobile and application based transactions and will be making use of this extension - contact details available here
Online Resources
The following resources will provide you with more information on the 3D Secure switch
- · Consolidated industry response with regard to 3D Secure implementation
- · 3D Secure Processing Matrix
- ·Verified by Visa Mobile Best Practices
- · PayU 3D Secure Merchant Guide
3D Secure Queries
For any queries please contact the PayU support team: