Gestpay becomes Axerve Ecommerce Solutions

How the integration changes

For more than 15 years Ecommerce payments have been protected by 3D Secure. This protocol allows for the involved actors to authenticate the buyer in a secure way.

The ongoing technological evolution and the increase in the number of transactions has brought about the necessity of updating the authentication infrastructure in order to increase the reliability of the system while improving the buyer experience, thus increasing conversion rates.

The cooperation between the schemes, European authorities and market players resulted in the definition of a new standard for authenticating online buyers: 3D Secure 2.

The new protocol will grant continuity in accordance with upcoming legislations (Revised Payment Services Directive, better known as PSD2) and minimizes impact on merchant's systems. While doing so, the customer experience will be improved as well, being optimized for more devices.

3DS2 and Strong Customer Authentication (SCA)

EMV 3D Secure 2 is the best way to achieve compliance with PSD2 RTS.

Whereas with 3D Secure 1.0 every transaction undergoes an authentication which always requires an action from the buyer, the application of 3D Secure 2 may result in two different outcomes: challenge flow or frictionless flow.

The Revised Payment Services Directive (PSD2) introduces the obligation for European banks to authenticate the buyer for online payments within European Economic Area (EEA). When a challenge flow occurs, the issuing bank requires a Strong Customer Authentication (SCA).

A SCA consist in an authentication based on at least two of the following factors:

An example of SCA is an authentication done with a one-time-password the buyer received on his smartphone (factor 1: possession) and a static password (factor 2: knowledge).

While PSD2 requires the strong customer authentication of the buyer for remote transactions, in some cases an exemption is allowed.

When an exemption is applied, a frictionless flow occurs. The more informations are passed to the issuing bank, the more likely it is for the transaction to result in a frictionless flow.

In this scenario the authentication does not require any involvement of the buyer.

In case a card which would otherwise be in scope for PSD2 is not enabled to 3D Secure 2, the system will attempt performing a 3D Secure 1 authentication flow.

Should this attempt fail as well, the transaction will skip the authentication phase and an authorization of the transaction will be attempted.

Out of scope transactions and exemptions

For some types of transactions the application of a SCA can be avoided. These transactions may be Out Of Scope transactions, or exemptions.

Out of scope transactions are transactions which are not subject to the legislation. For these transactions the rules imposed by PSD2 do not apply.

The following types of transactions are considered out of scope:

These transactions are not subject to PSD2 and may be processed without authentication.

Exemptions can be divided in two categories: issuer exemptions and acquirer exemptions.

Issuer exemptions can be applied directly by the issuer in the following cases:

Acquirer exemptions are requested by the merchant upon agreement with the acquirer.

While Issuer exemptions are directly applied by the Issuer, Acquirer exemptions are requested in the authentication flow and may be accepted or not by the Issuer.

If an acquirer exemption is accepted, a liability shift from the Issuer to the Acquirer will occur ; meaning that the Acquirer will be liable in case of a fraud chargeback on that transaction.

The following acquirer exemptions may be requested:

Transaction and integration types

The following transaction types exist in Axerve Ecommerce Solutions [transDetails.type]:

According to the type of the interaction with the PSP, the following operations are possible:

Axerve will handle each transaction accordingly to merchant configuration and transaction parameters. The merchant may also express a preference in every single transaction regarding:

You can find more technical information about integration in API documentation and you can download the infographic here