3DS Visa Mandated Fields

Overview

We are notifying you of upcoming changes coming into effect on the 12th August 2024.

These changes have been mandated by Visa and will impact your 3DSv2 processing. If you do not provide these additional data fields, you will be at risk of processing transactions without 3D-Secure protection and issuing banks may decline authorisation requests. In the event of a dispute being raised, there is a potential for the loss of a liability shift.

Visa are mandating that merchants must include the following fields. It is vital you review this and ensure you begin to pass the fields to Acquired to ensure you are compliant with the card schemes.

What Services will be impacted?

• Card API [auth_only, auth_capture]
• HPP [auth_only, auth_capture]
• Payment Links via the Acquired.com Hub [auth_only, sale]
• Hosted Checkout [auth_only, sale]
• Components [auth_only, sale]

Mandated Fields

What do you need to do?

Acquired already capture the following three fields and as such, there are no changes required:

• Browser IP address
• Browser screen height
• Browser screen width

However, you need to ensure you collect and pass through the following:

• Cardholder name
• Cardholder email address - If you collect the email address, collecting the phone number is not required.
• Cardholder phone number (work/home/mobile - at least one of these fields must be provided) - If you collect the phone number, collecting the email address is not required.
• Common device identification parameters (device IP address)

Merchants and partners that use an external 3DSv2 provider must contact their provider and confirm how to ensure that the data is provided.

Please contact our support team via our support portal if you have any queries.