PASA 3D Secure mandate

With online fraud being top of the agenda for the Payment Association of South Africa (PASA), the body has taken the decision to make it compulsory for all e-commerce merchants to be enrolled in the 3D Secure program by the 28th of February 2014.

 

What is 3D Secure?

As more and more consumers shop online, new risks are exposed. The anonymity of the internet poses the danger of unauthorised credit card purchases as there is no way of telling if the shopper is in fact the authorised holder of the card used for payment. In light of these increasing risks to you, the card issuers realised that reducing chargeback risk is important in order for the industry to grow.

3D Secure, a technical standard created by Visa and MasterCard, provides an extra step during the online payment process to verify the shopper’s identity.  This was introduced to help reduce online fraud risk, and safeguard credit card transactions. More information provided here

 

The benefit of 3D Secure for merchants

Merchants enrolled for 3D Secure will have their chargeback risk reduced by shifting the responsibility of the transaction chargeback risk to the issuing bank of the cardholder. For more information on 3D Secure and the associated liability shift for transactions, please view the PayU 3D Secure merchant guide.


The impact of the PASA decision on PayU merchants

All PayU merchants need to implement the required functionality to ensure that their customers are able to successfully transact with 3D Secure on their website by the 28th of February.

 

Steps required to enable 3D Secure on your website:

1. Technical implementation

Depending on the type of integration you have with the PayU payment platform, different actions will be required as set out in their respective developer section:

You can determine which one of the above you use by going to your store's payment page; this is the page where you enter your credit card details.  If the page address is payu.co.za (ie. it starts with https://secure.payu.co.za) or safeshop.co.za (ie. starts with https://secure.safeshop.co.za), you are using the PayU Redirect Payment Page, otherwise you are using the PayU Enterprise API.

Please consult with your development team or contact the PayU integration team via email if you are unsure of your integration type.

 

2. 3D Secure customer education

  • Explain what 3D Secure is and the benefits of the program
  • Outline the extra steps added to the payment process. This will help manage customer expectations and reduce potential drop off:

  1. they will be redirected to their issuing bank's 3D Secure One Time Pin (OTP) capture page
  2. they will need to enter the OTP received via SMS on this capture page
  3. they will then be redirected to your website and a message will be displayed to indicate whether the payment was successful or not.
  • Display the relevant 3D Secure logos on your website:
  1. MasterCard Secure Code
  2. Verified by VISA

 

Exclusion of mobile devices

PASA has made a concession  to exclude any e-commerce transactions that are concluded on a mobi site or native application from the February 2014 mandate for a limited period of 6 months

 

In summary, merchants are required to implement 3D Secure by the due date of 28 February unless it is not technically possible to apply 3D Secure on the channel, specifically native applications on mobile devices (including phones and tablets) and in cases where mobi site configurations are used. Please download and read the full PASA mobile device extension notification here. Please contact PayU if you are processing mobile and application based transactions and will be making use of this extension - contact details available here


Online Resources

The following resources will provide you with more information on the 3D Secure switch


3D Secure Queries

For any queries please contact the PayU support team:

 

Related pages