Hello guys,
I received the below from Braintree Payments themselves (ie the company, not the opencart extension people)
-----------------------------
Last month, we notified you of upcoming changes related to Strong Customer Authentication (SCA) requirements. The requirements are part of the European Payment Services Directive (PSD2) regulations, which mandate additional authentication measures be performed on transactions in the EEA. Moving to 3D Secure 2.0 (3DS 2.0) can help merchants transacting in Europe meet SCA requirements as well as help increase fraud protection. 3DS 2.0 is also expected to reduce friction in comparison to 3DS 1.0 in both the web- and mobile-purchase process and can help maximize conversions.
What do I need to do?
Braintree recommends that merchants integrate 3DS 2.0 into their checkout experience by April 2019 per the card brands' guidelines. The beta version of the web SDK is now available to integrate and test in the Sandbox. It will be ready to use in production soon. Please reference our 3DS 2.0 adoption guide for more information on how to make this change.
For merchants using a third-party shopping cart provider, you'll want to reach out to them for details on their plans to meet PSD2 SCA requirements.
When is the deadline?
Although the date of enforcement isn't until September 2019, card issuers may begin to require that transactions meet SCA requirements any time after April 14, 2019, so being ready when the 3DS 2.0 protocol is active is an excellent proactive measure that can help you avoid unnecessary declines.
-----------------------
Do you guys know, will it be as simple as Braintree Payment extension people will release an update that covers these requirements?
Please let me know
Thank you
Luke
I don't think the OpenCart team has mentioned their plans. It's possible the OpenCart team plans on updating the extension in the next version to also use 3D Secure 2.0, but I haven't heard of any definitive info on that. Given how they don't even release bugfixed versions of OpenCart itself, though, I would highly doubt they're going to make a September deadline for integrating new code.
My Braintree Payment Gateway Pro does support 3D Secure, and will be updated to support 3D Secure 2.0 once it's officially released by Braintree. Currently they don't have all the API info in place, so I'm not sure why they keep sending these e-mails. I'll be updating my extension before the deadline, for anyone that's currently using it.
My Braintree Payment Gateway Pro does support 3D Secure, and will be updated to support 3D Secure 2.0 once it's officially released by Braintree. Currently they don't have all the API info in place, so I'm not sure why they keep sending these e-mails. I'll be updating my extension before the deadline, for anyone that's currently using it.
Thanks for your reply Jonathan, I will definitely bare this extension in mind.
Is this requirement PSD2 SCA update not as important as it sounds or something? I'd have thought if it was they'd be all over it since Checkout/Payment is a fairly basic part of an ecommerce platform? I thought there would be lots of store owners on here panicing but seems barely mentioned so maybe I'm just mis-reading or something
Is this requirement PSD2 SCA update not as important as it sounds or something? I'd have thought if it was they'd be all over it since Checkout/Payment is a fairly basic part of an ecommerce platform? I thought there would be lots of store owners on here panicing but seems barely mentioned so maybe I'm just mis-reading or something
Most stores don't even use 3D Secure in my experience, so it's probably not a big deal to most people. I haven't found definitive info that they're discontinuing 3D Secure 1.0 either --- I would assume it will continue working, though I don't know that for sure. I'd be surprised if they just stopped it working though. Probably they're just emphasizing it so much to get people on board, since it's really hard to get people to update things unless they think it's security-related.
I have now confirmed that I am set up for and utilising 3D Secure 1.0 at least so thats something. In the meantime I had the following mail about the same...
------------------------------------------
Over the last two months, we've notified you of upcoming changes related to Strong Customer Authentication (SCA) requirements. To help you prepare for upcoming SCA requirements, part of the European Payment Services Directive (PSD2) regulations, Braintree recommends that merchants integrate 3DS 2.0 into their checkout experience by April 2019 per the card brands' guidelines.
Our 3DS 2.0 adoption guide provides more information on how to make this integration change. The web and iOS SDK are available for a limited release in Sandbox and Production.
If you are using a third-party shopping cart provider, please reach out to them directly for steps to meet PSD2 SCA requirements.
When is the deadline?
Card issuers may begin to require that transactions meet SCA requirements any time after April 14, 2019, even though the date of enforcement isn't until September 2019. Being ready when the 3DS 2.0 protocol is active is an excellent proactive measure that can help you avoid unnecessary declines.
Are there any additional resources I can reference?
We'll continue sharing relevant details leading up to the date of enforcement. In the meantime, please read these blog posts for more information on the regulations and how to prepare.
--------------------------------------------
It's this inparticular that concerns me "Card issuers may begin to require that transactions meet SCA requirements any time after April 14, 2019, even though the date of enforcement isn't until September 2019. Being ready when the 3DS 2.0 protocol is active is an excellent proactive measure that can help you avoid unnecessary declines." that certain card issuers can choose to start rejecting transactions that aren't 3DS 2.0 after April 14th?
------------------------------------------
Over the last two months, we've notified you of upcoming changes related to Strong Customer Authentication (SCA) requirements. To help you prepare for upcoming SCA requirements, part of the European Payment Services Directive (PSD2) regulations, Braintree recommends that merchants integrate 3DS 2.0 into their checkout experience by April 2019 per the card brands' guidelines.
Our 3DS 2.0 adoption guide provides more information on how to make this integration change. The web and iOS SDK are available for a limited release in Sandbox and Production.
If you are using a third-party shopping cart provider, please reach out to them directly for steps to meet PSD2 SCA requirements.
When is the deadline?
Card issuers may begin to require that transactions meet SCA requirements any time after April 14, 2019, even though the date of enforcement isn't until September 2019. Being ready when the 3DS 2.0 protocol is active is an excellent proactive measure that can help you avoid unnecessary declines.
Are there any additional resources I can reference?
We'll continue sharing relevant details leading up to the date of enforcement. In the meantime, please read these blog posts for more information on the regulations and how to prepare.
--------------------------------------------
It's this inparticular that concerns me "Card issuers may begin to require that transactions meet SCA requirements any time after April 14, 2019, even though the date of enforcement isn't until September 2019. Being ready when the 3DS 2.0 protocol is active is an excellent proactive measure that can help you avoid unnecessary declines." that certain card issuers can choose to start rejecting transactions that aren't 3DS 2.0 after April 14th?
I'm not entirely sure myself, because as you can see it's vague about the implementation dates. The info I've found says that MasterCard 2.0 may start being enforced in April (whatever 2.0 is) with Visa having various dates based on location. PSD2 (SCA) has a deadline for September:
https://www.braintreepayments.com/blog/ ... ecure-2-0/
Braintree's not even ready itself though --- their SDK's are not finalized for 3D Secure 2.0, and they say not to use it in production at this time anyway:
https://developers.braintreepayments.co ... ascript/v3
Because of that I wouldn't worry too much, I'd imagine there will be a bit of a grace period as everyone wants to make sure everything works together. I could be wrong though --- it wouldn't be the first time somebody starts enforcing something that's not ready to be enforced yet.
https://www.braintreepayments.com/blog/ ... ecure-2-0/
Braintree's not even ready itself though --- their SDK's are not finalized for 3D Secure 2.0, and they say not to use it in production at this time anyway:
https://developers.braintreepayments.co ... ascript/v3
Because of that I wouldn't worry too much, I'd imagine there will be a bit of a grace period as everyone wants to make sure everything works together. I could be wrong though --- it wouldn't be the first time somebody starts enforcing something that's not ready to be enforced yet.
Are you still facing any issue?Johnathan wrote: ↑Fri Mar 08, 2019 10:03 pmI don't think the OpenCart team has mentioned their plans. It's possible the OpenCart team plans on updating the extension in the next version to also use 3D Secure 2.0, but I haven't heard of any definitive info on that. Given how they don't even release bugfixed versions of OpenCart itself, though, I would highly doubt they're going to make a September deadline for integrating new code.
My Braintree Payment Gateway Pro does support 3D Secure, and will be updated to support 3D Secure 2.0 once it's officially released by Braintree. Currently they don't have all the API info in place, so I'm not sure why they keep sending these e-mails. I'll be updating my extension before the deadline, for anyone that's currently using it.
Who is online
Users browsing this forum: Majestic-12 [Bot] and 44 guests