Deadline for 3D Secure Implementation Looms in South Africa

Due to the increase in Card not Present (CNP) fraud in South Africa, the Payment Association of South Africa (PASA) has made a decision to mandate the implementation of 3D Secure for all e-commerce merchants. The deadline for this implementation has been set at 28 February 2014.

3D Secure is the collective term used for various authentication services, as supported by each card scheme respectively, which allows only the cardholder to use the card. Examples of these are Verified by Visa and MasterCard Secure Code.

According to PASA, they have a mandate to “organise, manage and regulate the South African National Payment Systems (NPS), and therefore PASA has the responsibility to ensure the safety and efficiency of the NPS.”

There are three distinct processes banks have to follow to enable their cardholders to transact in a 3D secure manner.

1. Firstly, all e-commerce enabled BINs have to be registered by banks with the card schemes.
2. Secondly, banks have to register/enrol their cardholders for the 3D secure service. This allows most of the customer information required to be pre-populated, making the activation process more efficient, timeous, and less frustrating for the customer.
3. Thirdly, cardholders have to activate their cards to enable 3D secure transactions to happen.

Although activation processes differ between issuing banks, most banks who offer e-commerce transactions to their cardholders should have processes in place to ensure that cardholders activate 3D Secure when the first transaction is performed by the cardholder at a 3D secure merchant.

In some instances cardholders would have been pre-activated by their bank and would merely receive their one time PIN or relevant activation code. In other cases the cardholder will be asked to activate using a PIN/Password that they retrieve from their online banking platform.

In order to meet the deadline for 3D Secure, PASA is doing everything it can to ensure efficient implementation, including:

• Encouraging issuing banks and merchants to educate cardholders and increase awareness of 3D secure and Card not Present fraud.
• Making sure banks are aware of the process they have to follow to enable their cardholders to transact in a 3D secure manner.
• Explaining to banks and merchants how to handle cards which are not eligible for, or capable of performing, 3D Secure transactions.
• Explaining to banks and merchants the shift in liability.
• Releasing technical specifications and standards.

With regards to mobile transactions, PASA has extended the deadline by 6 months for e-commerce transactions that are concluded on a mobi site or native application, due to the broad and varied nature of the mobile environment.

The extension will allow for:

• The necessary Access Control Server (ACS) responsive design development and testing to be concluded which will result in an improved cardholder experience for mobi sites.
• Focussed efforts on finding a solution for native application-3D Secure integration.

With these guidelines PASA is confident that all issuers and merchants should be on track for the February 28 deadline. E-commerce merchants that do not implement 3D Secure could face increased chargebacks on non-authenticated transactions.

- See more at: http://paymentsafrika.com/payment-news/online-payments/deadline-for-3d-secure-implementation-looms-in-south-africa/#sthash.uWIauO9R.dpuf