Dear Travel Provider,
Secure Customer Authentication/3DS – ACTION REQUIRED
The Second EU Payment Service Directive (PSD2) will come in to law on 31st December 2020. As such there is a need for everyone in the payment chain to implement Secure Customer Authentication (SCA), through 3D Secure 2, into their card present and card not present flow.
By using 3D secure for online payments, you’ll be protecting both your business and your customer against potential card payment fraud. Once transactions have gone through the 3D secure authentication process, you’ll no longer be liable for the purchase. Meaning not only will you be protected against any unauthorised transaction chargebacks, but you’ll also save time and money with less potential settlement disputes between your customers.
For your customers, 3D secure means that you’ll be giving them an extra level of security when it comes to making payments online. With the fraud prevention security in place, it can help to combat against any payment fraud, keeping your customers’ card details safe and helping to ensure their trust in your business. Plus, they’ll be able to make online payments using major debit or credit cards which use the secure authentication system, including Visa (through Verified-by-Visa), Mastercard (through Mastercard Secure Code) or American Express (through American Express SafeKey), giving them more choice.
If you are using Trust My Travel for your payments you need to take action in order to comply with the new directive, wherever you are based in the world.
If you are using a booking system on either our Infinity (dashboard.trustmytravel.com) or legacy (legacy.trustmytravel.com/login) they should take care of it for you. However, please see details below and ensure that either your direct connection or your rez system is ready for the TMT compulsory opt in on 31st December 2020.
Users are currently opted out of 3DS2 by default but can be opted in on request. The demo integration showing how to set-up your Spreedly integration to handle 3DS2 that was provided in October 2019 is still available: https://github.com/trustmytravel/3DS2-Demo. Even if you use a booking system you will still need to request to be opted in.
Opt in for all will be applied to Legacy Platform users on 31st December 2020.
A new version of the modal has been released that handles 3DS2 end to end. To use the new modal you will need to link to the new modal script from your app as with previous updates.
Please be aware that when testing the modal, you now have to provide an additional option indicating that you are in test mode:
In addition to this we no longer allow the end user to make three failed attempts before rejecting their transaction. They are permitted one attempt and whether or not retries are permitted is placed in your hands. As such the “transaction_rejected” callback has been deprecated.
Another addition to the new modal is support for authorizing cards. This leaves the final API call to capture payment in your hands.
Please remember that all accounts will be opted in to SCA on 31st December 2020. If you have not made the necessary technical changes you may no longer be able to use Trust My Travel to take payment.
If you have any queries please do not hesitate to get in touch at firstname.lastname@example.org