Important Updates from MasterCard for September 2021

Posted On: Friday, September 3rd, 2021

MasterCard Identity Check Updates. 3DS1 Attempts server to be decommissioned on October 5th, 2021. 

A number of important changes are announced by MasterCard for the MasterCard Identity Check Program. Below is an abstract covering topics of interest to merchants.

  • UPDATE: SPA1 for EMV 3DS will be retired on September 30, 2021, not October 15 as previously communicated.
  • REMINDER: A reminder that on Sept. 30, 2021 ACSs/3DS Servers must support the enhanced Transaction Status Reason processing logic as introduced in AN 4805. This enhancement also introduces a new Directory Server-specific transStatusReason value of 83 – ‘DS dropped reason code received from DS’, as well as a new Directory Server-specific authenticationType value of 83 – ‘DS altered transaction status’ (the addition of the new authenticationType value will be published in an upcoming update expected Sept. 7, 2021.)
  • REMINDER:  Per the Identity Check Program Guide, requirement 149, ACS operators must challenge a request to add a Card-on-File (COF) regardless if it is requested using a non-payment or payment transaction.  There are further details in the Program Guide with respect to specific data elements and values in the AReq that indicate this type of transaction.
  • REMINDER: As per security standards, Mastercard is planning to Introduce Application Security Manager ( ASM ) Policy in both our 3DS1 and 3DS2 Mastercard Networks. In preparation to this all the Merchants (MPIs/ 3DSS) using cookie attributes that are following prior (pre-2011)  grammar are advised to adhere/reference to RFC 6265 standards for cookie handling grammar and behavior. All customers must adhere to RFC 6265 and make any code changes by the end of  September 2021.
  • REMINDER: On September 14, 2021, Mastercard will add UK/Gibraltar to the list of countries where Smart Authentication Stand-in will no longer fully authenticate Intra-EEA/UK/Gibraltar transactions above EUR 30. All Intra-EEA/UK/Gibraltar transactions above EUR 30 will receive a Attempts authentication response.
  • REMINDER: On September 14, 2021, Issuers in UK/Gibraltar may be automatically enrolled into Smart Authentication Direct for Acquirer Exemption service if they step-up more than 10 percent of their authentication requests featuring acquirer exemptions or Strong Consumer Authentication (SCA) flags.  
    • SPA1 for EMV 3DS will be retired on September 30, 2021.
    • 3DS1 Attempts server to be decommissioned on October 5th, 2021.  

Full support for major card brands and banks

Making eCommerce Safe

Be in the know

Industry news, events and major releases.

Recurring Transactions, Merchant Initiated Transactions and Stored Credentials
Posted on: Thursday 23rd June, 2022

The subscription model has gained in popularity but as anyone with experience with these type of payments knows, the model can lead to disputes through lack of clarity, misuse or poor management.

Visa guidelines for mandatory rolling out of EMV 3DSecure for Asia Pacific
Posted on: Wednesday 4th May, 2022

Visa has issued guidelines for rolling out of EMV 3DS for the Asia Pacific Region. Countries covered: Australia, Cambodia, Hong Kong, India, Indonesia, Macau, Malaysia, New Zealand, Philippines, Singapore, Hong Kong, South Korea, Taiwan, Thailand and Vietnam.

Visa & Mastercard Mandate: Impacts of the 8-Digit BINs Extension
Posted on: Monday 28th February, 2022

Important changes to BIN codes, the lynch pin of credit card payments.

Here to help

Questions? We've got answers.

Kindly note that we do not support cardholders wanting to activate 3D Secure on their card. Please contact your bank directly using the phone number provided on the back of your card.