MySagePay
Login >

3D Secure v2 - What Do Customers Need to Do?

What do customers need to do?

The first thing is to ensure your ecommerce payments have 3D Secure enabled prior to September (if not already enabled). You can find out how to do this on page 8 of our MySagePay User Guide 

Depending on which payment integration your site uses with Sage Pay you may have to make some changes to the integration, so it is important to flag with your developer/IT that you may need to make some development changes in June / July / August to ensure they will be ready to act for you. Specific details will be available in May. 

If you have a Sage Pay card machine, ensure that you regularly perform a TMS so you are receiving the latest updates as soon as they are available. 

Sage Pay has minimised the impact that this mandated change will have on you and your customers, keeping your business compliant for ecommerce transactions within the EEA. Below you can find out if you need to make any changes to your integration:

  1. Form integration – There will be no mandatory changes to your current integration. We will undertake some proactive steps in the coming weeks to ensure you are ready.
  2. Server integration – There will be no mandatory changes to your current integration. We will undertake some proactive steps in the coming weeks to ensure you are ready.
  3. Direct integration – Minimal impact, the 3DSv2 flow will be the same as the current 3DSv1 flow, however, an additional 9 fields will be required. Please refer to the parameters in the table you can find here.
  4. Pi integration - Minimal impact, the 3DSv2 flow will be the same as the current 3DSv1 flow, however, an additional 8 fields will be required.
  5. All Integrations - Since 3DSv2 is mandated, you will no longer be able to bypass the checks by submitting the ‘Apply3DSecure’ field with a value of ‘2’ for any of the integrations. You will need to change this value to ‘0’ or use one of the other permitted values (1 or 3). This is only likely if you have a bespoke SagePay integration with your website, but your web developer will be able to tell you if this is the case.

If you don’t know which integration your website uses, you can find this in MySagePay by clicking on any successful payment, then choose ‘Additional Details’ from the left menu. You will see the integration in the ‘System Used’ field.

Next Steps

  1. Enrolment - Sage Pay will enrol your MID/Merchant Number for both 3DSv1 and 3DSv2 if not already done. You will receive an email advising you that this has been done titled ‘3D Secure Confirmation Email’
  2. Enablement - You will need to enable 3D Secure from within My Sage Pay. If you have not already enabled 3D Secure, please find the instructions to do so here https://www.sagepay.co.uk/support/12/38/activating-adding-a-3d-secure-rule. If you are using our PI or Direct integration you will also need to include the 3D Secure steps of the integration.
  3. Activation - We will check all accounts and enable 3D Secure shortly before the deadline on September 14th. If 3D Secure is not already enabled, we will email you to let you know and then we will activate 3D Secure automatically. To avoid disruption you your payment processing we strongly recommend you enable 3D Secure before September, the sooner the better.
  4. Technical Update – Sage Pay will update Direct and PI technical documents with the below information and publish them to our website so you can go ahead and make any necessary changes.
  5. Test your Changes - The Sage Pay Test server will be ready for you to test the new 3DSv2 fields of the integration from July 1st. Our live environment will be ready later in July for Live tests and transaction processing.