home

Zuora Payments

Zuora BillingZuora PaymentsZuora PlatformZuora CPQZephrZuora RevenueAccounts ReceivableRelease NotesBasicsEntitlementsSupport and policies
Zuora BillingZuora PaymentsZuora PlatformZuora CPQZephrZuora RevenueAccounts ReceivableRelease NotesBasicsEntitlementsSupport and policies

Welcome to Zuora Product Documentation

Explore our rich library of product information

Show Contents

thumbnailZuora Payments

Zuora's implementation of 3D Secure 2.0

Mandatory action

Ensure your gateway supports 3DS2, use Zuora's solutions, and configure required fields for compliance with Visa's 3D Secure guidelines.

  • Check if your gateway instance supports 3DS2 as documented in Payment gateway support for 3DS2 . If it does not support 3DS2, switch your gateway provider or upgrade your gateway instance to a version that supports 3DS2.

  • Ensure that you are on any of the following Zuora's solutions:

    • Payment Pages 2.0

    • Payment Form

    • Payment Link

  • Stored Credential Transaction framework is a requirement of strong customer authentication exemptions. Without stored credential transactions enabled, the payments processed through your tenant are not exempted from SCA and might fail. When creating a Credit Card payment method, Zuora will automatically create a stored credential profile for the payment method. If you cancel or expire the stored credential profile created by Zuora, ensure that you manually add your own stored credential profile for the payment method.

  • Update your configuration for Payment Pages 2.0 . Zuora supports 3DS2 via the embedded iFrame of Payment Pages 2.0 if the gateway you use is in the preceding table. When configuring a Payment Page, select Enable 3D Secure 2.0 . With this setting enabled, Payment Pages will go through 3DS2 authentication service provided by the payment gateway. The 3D Secure 2.0 page of the card issuer will be rendered in the Payment Page iframe. The size of the 3DS2 prompt is fixed by design. It is not responsive to the size of the Payment Page iframe form. If Direct POST is used, you should implement 3DS2 for your website outside Zuora. As such, you take full control of the card authentication and authorization flow. After you get the networkTransactionId from the gateway, pass through the credit card data along with several required fields for merchant initiated transactions (MITs) to Zuora through Direct POST. See Direct POST Form Fields for Payment Pages 2.0 for the detailed request fields. Note that do not select the Enable 3D Secure 2.0 checkbox on your Payment Page 2.0 configuration page since 3DS2 has been implemented outside Zuora. For Payment Form and Payment Link, 3DS2 is implemented and auto-enabled on specific payment gateway integrations. See Payment gateway support for 3DS2 for more information.

  • To comply with Visa's 3D Secure (3DS) authentication guidelines , the required fields listed in the following table must be included in 3DS2 transaction requests. Additionally, including the recommended fields will further enhance transaction security. Field Requirement Status Action Required by You Browser IP Address Required None. For Payment Pages 2.0 , if you are on any of the following payment gateway integrations, Zuora collects the information automatically through the Payment Pages 2.0. You do not need to take any action.

    • Adyen Integration v2.0

    • BlueSnap

    • Braintree v2.0

    • Braintree

    • Checkout.com

    • CyberSource v2.0

    • Ebanx

    • OpayoDirect

    • PayPalPayFlow

    • SaferPay

    • Stripe v2

    • Worldline Global Collect

    • Windcave

    For Payment Form , if you are on the Stripe v2 payment gateway integration, Zuora collects the information automatically through Payment Form. You do not need to take any action. Browser Screen Height Required Browser Screen Width Required Cardholder Name Required In Payment Pages 2.0, configure the following fields as required fields:

    • Cardholder Name

    • Either Email Address or Contact Phone Number

    For Payment Pages 2.0 on the Adyen v2.0 and Checkout.com gateway integrations, configure Email Address as a required field. Contact Phone Number will not be used by Visa due to the format limitation of this field. In Payment Form, configure either Email Address or Contact Phone Number as required fields. Zuora sets Cardholder Name as a required field in the payment form. For instructions on configuring fields, see the following articles:

    • Configure Credit Card Type Payment Pages 2.0

    • Configure payment forms

    Cardholder Email Address Required, if Cardholder Phone Number is not present. Cardholder Phone Number (Work / Home / Mobile) Required, if Cardholder Email Address is not present. Cardholder Billing Address City Recommended None. You can choose to add these fields to your Payment Pages 2.0 or Payment Form. For detailed instructions, see the following articles:

    • Configure Credit Card Type Payment Pages 2.0

    • Configure payment forms

    Cardholder Billing Address Country Recommended Cardholder Billing Address Line Recommended Cardholder Billing Address Postal Code Recommended Cardholder Billing Address State Recommended Zuora is continuing to work on the following payment gateway integrations for this change. Availability details will be communicated at a later time: Zuora is currently working with Chase to understand the requirements for the Chase Paymentech Orbital Gateway integration and will make the appropriate changes once it is ready. This update has not been included in Zuora Payment Link yet. If you are not using Zuora's Payment Page 2.0 solution, such as with DirectPOST, you are responsible for the inclusion of the parameters expected for your gateway integration. For more context about Visa's revised 3D Secure (3DS) authentication guidelines and Zuora's plan, see this post in Zuora Community.

    • Chase Mobility (deadline February 2025)

    • Access Worldpay (deadline August 2025)

    • Worldpay 1.4 (deadline August 2025)

    • BlueSnap and Braintree v2.0 for Payment Form

Last updated: December 5, 2025