1. When did each card scheme deprecate the 3D Secure 1 authentication protocol?
Please see below the dates when each card scheme deprecated the 3D Secure 1 authentication protocol:
|Mastercard||October 18th, 2022|
|Visa||October 15th, 2022|
|American Express||October 14th, 2022|
|Discover/Diners||October 14th, 2022|
|JCB||October 18th, 2022|
|Cartes Bancaires||October 15th, 2022|
2. Which countries represent an exception to the above deprecation dates for each card scheme?
To date, Mastercard, Visa and American Express have shared the following exceptions:
Mastercard has provided an update and shared its plan to transition all customers in India and Bangladesh to EMV 3-D Secure (3DS). The transition date of October 3rd, 2023 will only apply for India and Bangladesh authentications. Indian and Bangladesh issued cards will be able to perform 3DS1 for domestic and cross border traffic once the transition is completed.
Visa has confirmed October 12th, 2023 as the transition to 3DS2 for the following markets: Bangladesh, Bhutan, Maldives, Nepal, India, Sri Lanka. This transition is an exemption from the October 2022 plan and will only apply to domestic traffic and not cross border traffic. Cross-border traffic will only be processed through 3DS2.
American Express SafeKey 1.0 (3DS1) will be deprecated globally, with the exception of India. No other dates have been shared yet for India.
3. What was Adyen's stance in relation to the October 2022 deadline?
Leading up to the deprecation dates set by each card schemes, Adyen's authentication engine continued to select versions based on optimisations for acceptance and performance; this means merchants would continue to see 3DS1, 3DS2.1 and 3DS2.2 traffic.
Please note that the scheduled timelines were enforced by the schemes and as such, Adyen had no ability to grant extensions for 3DS1 processing.
4. What happened after each deprecation date?
After each deprecation date (with the exceptions of the countries noted at point 2), 3DS1 was no longer an authentication option and Adyen’s authentication engine has continued to optimize for the best 3DS version between 2.1.0 and 2.2.0
5. Did 3DS1 deprecation affect POS traffic?
No, this did not impact POS traffic as 3DS is only used for card not present transactions (CNP).
6. Is my integration using 3D secure?
7. What was Adyen’s stance regarding merchants using “threeDSVersion” and “messageVersion” to enforce 3DS1 in API calls?
Merchants are able to use two parameters (messageVersion and threeDSVersion) in the API call to enforce 3DS selection for authentication.
As this is a merchant initiated request that occurs outside our platform, Adyen continued to honor the merchant's API call and perform the requested 3DS version for the authentication. However, as issuers and schemes began deprecating 3DS1 during October 2022, requests enforcing 3DS1 on the authentication flow would result in errors or their authentication would be skipped altogether.
Merchants can choose to remove these fields from the API call and allow Adyen's authentication engine to select the best 3DS version. We recommend allowing the authentication engine to select the most optimal 3DS version based on real time performance.
8. Do merchants needs to take any action on enrolling Amex, Mastercard, Visa, JCB, or Diners?
Merchants processing over Adyen acquiring for the above schemes do not need to take further action. Our platform will continue to select the best 3DS version until deprecation date which means, merchant traffic will continue to observe 3DS1 and 3DS2 traffic.
To further add-on, Amex has been reaching out to all their merchants to ensure their connections are ready for 3DS2. We can confirm, that all Amex connections on Adyen's platform supports 3DS2 with no further action required.
9. How can merchants check to see if transactions are processing through 3DS2 already via the Customer Area?
Transactions > Payments > Under "More Filters" > "Payment Method" > Select a Payment Method (i.e. Visa, MC etc.) > "3D offered" > Select "C - Only for 3DS2" > Click "Apply All"