Zuora's implementation of 3D Secure 2.0
Zuora facilitates 3D Secure 2.0 integration for merchants, ensuring compliance with PSD2 and supporting SCA through payment gateways.
As an integrator between merchants and payment gateways, Zuora helps to manage your payment flows in the subscription business. Zuora enables integrations to payment service providers, such as payment gateways and processors, which in turn communicate with the issuing bank. It is ultimately the issuing bank that determines whether a card needs to be authenticated or not.
To be compliant with PSD2, payment gateways must also support SCA. 3DS2 is seen as the standard to support SCA. Zuora ensures that you have the visibility on the status of payment gateways. When a payment gateway is ready to support 3DS2, Zuora will also include or enhance the integration with the gateway to support 3DS2.
Optional action
-
(Optional) Update your gateway configuration in Zuora for the following payment gateway integrations . To indicate whether to enforce the SCA Challenge during 3DS authentication if possible, configure the setting specific for the 3DS authentication challenge on the gateway settings page. For more information about these settings, see articles for the following gateway integrations:
-
Braintree
-
Checkout.com
-
CyberSource v2.0
-
-
For merchants advised by their payment gateways to pass in an order value or authentication amount, Zuora’s implementation does not distinguish between an authorization and an authentication amount. To make this distinction, you have to specify a value for the
authorizationAmountfield, the client-side HPM parameter in the request for rendering Payment Pages 2.0. Some payment gateways recommend $0 authorizations. Thus you must ensure that your merchant account is also configured to allow for the $0 authorization.