3D Secure 2 (3DS2) Support - Magento 2


To make sure that your transactions comply with regulations like PSD2 SCA, you will likely need to implement 3D Secure, an authentication protocol developed by EMVCo and supported by major card schemes

See: https://en.wikipedia.org/wiki/Payment_Services_Directive

Subscribe Pro supports the use of 3D Secure 2 (3DS2) with the Subscribe Pro payment method that is included as part of our M2 extension. The steps to configure 3DS2 are simple and are provided below.

Supported Payment Providers

Subscribe Pro's implementation can support 3DS2 authentication with any payment provider or gateway that supports third party 3DS authentication data. Sometimes this is described as using an external MPI (Merchant Plug-in).

Subscribe Pro supports the following (non-exhaustive) list of providers:

  • Adyen
  • Braintree
  • CyberSource
  • NMI
  • WorldPay

Prerequisites

The following data must first be sent to Subscribe Pro. Using these six fields, Subscribe Pro is able to register an SCA Provider which allows you to complete the 3DS configuration.

You may have to contact your payment provider and possibly your acquirer to obtain the necessary data.

NOTE: These six fields must be provided for each card network.

FieldDescription
Acquirer BINThe Acquirer Bank Identification Number (BIN) is the first four to six digits of a card number that is used to identify the bank account associated with a card network.
Merchant ID (“MID”)The MID is a unique code that ensures the funds make it from the cardholder’s bank account to your bank account when a transaction is processed.
Merchant MCCThe MCC is a 4-digit code that classifies the type of goods or services that the business sells.
Merchant NameAssigned by the acquiring bank; please contact them.
Merchant Country CodeCountry Code in (ISO 3166-1 numeric format)
Merchant URLFully qualified URL of the merchant’s main website or customer care site that contains a method of contact.

Once this data has been gathered, please include it in an email to Subscribe Pro at [email protected] and specify which environment should be configured to use 3DS (and whether it is a sandbox or production environment).

What is an Acquirer BIN?

The BIN is used to submit authorization requests and ensure that payments are routed to the correct institution.

There are various places the BIN could be located:

Contact your acquirer to obtain your acquirer BIN. If you aren’t familiar with where to find your acquirer BIN, your payment processor could be of value. Due to the sensitive nature of the information, some payment processors may not provide the BIN via email but are able to assist over the phone.

What is a Merchant ID (MID)?

The MID is a unique code that ensures the funds make it from the cardholder’s bank account to your bank account when a transaction is processed. It is passed with other transaction information and is used to help with transaction reconciliation. You receive a MID when you open a merchant account with an acquiring bank. A merchant can have multiple MIDs based on the different sales channels they have.

There are various places the MID could be located:

Contact your acquirer to obtain your acquirer MID. MID can also be found by contacting your payment processor’s support team.

What is a MCC?

The MCC is a 4-digit code that classifies the type of goods or services that the business sells. Depending on its various lines of business, a merchant could have multiple MCCs. It is mandatory and usually used during the ACS risk analysis (not to be displayed anywhere). Certain MCCs are deemed riskier than others by the issuer, and thus tend to require a stronger challenge during the authentication.

There are various places the MCC could be located:

Contact your acquirer to obtain your MCC. Tax Document: Form 1099-K has a merchant category code box which includes the 4-digit MCC. This document can be found under your gateway’s documentation/reporting section. Some Payment Processors automatically assign a MCC at account creation, or you can set the MCC on your own. If you don’t know what your MCC is, you can contact your gateway’s support and they should be able to help. Due to the sensitive nature of the information, some payment processors may not be able to provide that information via email.

Steps to Configure

  1. Confirm that the above information has been sent to Subscribe Pro. We will then create a new SCA Provider for you to continue the configuration.
  2. Once we have created the new SCA Provider, you will be able to enable and configure 3DS in the Subscribe Pro Merchant App under System > Configuration > Payment Settings.

    Enabling 3DS via SP Merchant App 1

    Enabling 3DS via SP Merchant App 2

  3. Here you can enable 3DS and select the SCA Provider that we created for you.

    Enabling 3DS and Selecting SCA Provider

  4. You can now enable 3DS from the Magento 2 admin panel under Stores > Configuration > Sales > Payment Methods > Subscribe Pro.

    Enabling 3DS via M2 Admin 1

    Enabling 3DS via M2 Admin 2

    Enabling 3DS via M2 Admin 3

  5. (Optional) If 3DS was set up on a sandbox environment, you can test 3DS using a sample credit card. Log in to your Magento 2 site as a customer. Add a product to your cart and click Proceed to Checkout.

    Enabling 3DS via M2 Admin 1

    Select a Shipping Address. Under Payment Method, click the Subscribe Pro payment method and add the following card: 5555 5555 5555 4444, CVV: 123, Exp: 10/2029. Finally, click Place Order.

    Enabling 3DS via M2 Admin 2

  6. (Optional) You should now see the Spreedly 3DS test iFrame with a field for a verification code. Within the test iFrame, the code 123456 will result in a successful authentication.

    Enabling 3DS via M2 Admin 1

    Submitting any other code should cause an error message to show.

    Enabling 3DS via M2 Admin 2

    Once the correct code is entered, you should be redirected to the checkout success page.

    Enabling 3DS via M2 Admin 3