Important Updates from MasterCard for September 2021
MasterCard Identity Check Updates. 3DS1 Attempts server to be decommissioned on October 5th, 2021.
A number of important changes are announced by MasterCard for the MasterCard Identity Check Program. Below is an abstract covering topics of interest to merchants.
- UPDATE: SPA1 for EMV 3DS will be retired on September 30, 2021, not October 15 as previously communicated.
- REMINDER: A reminder that on Sept. 30, 2021 ACSs/3DS Servers must support the enhanced Transaction Status Reason processing logic as introduced in AN 4805. This enhancement also introduces a new Directory Server-specific transStatusReason value of 83 – ‘DS dropped reason code received from DS’, as well as a new Directory Server-specific authenticationType value of 83 – ‘DS altered transaction status’ (the addition of the new authenticationType value will be published in an upcoming update expected Sept. 7, 2021.)
- REMINDER: Per the Identity Check Program Guide, requirement 149, ACS operators must challenge a request to add a Card-on-File (COF) regardless if it is requested using a non-payment or payment transaction. There are further details in the Program Guide with respect to specific data elements and values in the AReq that indicate this type of transaction.
- REMINDER: As per security standards, Mastercard is planning to Introduce Application Security Manager ( ASM ) Policy in both our 3DS1 and 3DS2 Mastercard Networks. In preparation to this all the Merchants (MPIs/ 3DSS) using cookie attributes that are following prior (pre-2011) grammar are advised to adhere/reference to RFC 6265 standards for cookie handling grammar and behavior. All customers must adhere to RFC 6265 and make any code changes by the end of September 2021.
- REMINDER: On September 14, 2021, Mastercard will add UK/Gibraltar to the list of countries where Smart Authentication Stand-in will no longer fully authenticate Intra-EEA/UK/Gibraltar transactions above EUR 30. All Intra-EEA/UK/Gibraltar transactions above EUR 30 will receive a Attempts authentication response.
- REMINDER: On September 14, 2021, Issuers in UK/Gibraltar may be automatically enrolled into Smart Authentication Direct for Acquirer Exemption service if they step-up more than 10 percent of their authentication requests featuring acquirer exemptions or Strong Consumer Authentication (SCA) flags.
- IMPORTANT UPCOMING DATES:
- SPA1 for EMV 3DS will be retired on September 30, 2021.
- 3DS1 Attempts server to be decommissioned on October 5th, 2021.
Be in the know
Industry news, events and major releases.
Decoupled Authentication provides a convenient way to get SCA approval with minimum effort by the merchant or the cardholder. Many use cases benefit from higher approval rate and fraud protection.
Effective 15 October 2022, Visa will discontinue support of 3-D Secure 1.0.2 and related technology. Effective 16 October 2021, Visa will continue to support 3DS 1.0.2 transaction processing, including the 3DS 1.0.2 Directory Server (DS), but will stop support of 3DS 1.0.2 Attempts Server.
EMVCo 3DSecure 2.2 brings enhanced functionality as the SCA protocol matures and consolidates its experience with over two years of deployment.
