There has been some talk in the merchant community around the Payment Association of South Africa (PASA) mandating 3D Secure for all ecommerce merchants. PASA had sent a letter to acquirers on the 26th March 2013 requesting an implementation date of 02 April 2013 for acquirers to ensure all merchants are aware of this mandate and implements the required systems and processes. The final date for all South Africa ecommerce merchants to be using 3D was recently set at February 2014.
The mandatory use of 3D Secure across all merchants has caused confusion in terms of a merchants understanding of what is required to process a 3D Secure transaction. In South Africa, the 3D Secure MPI (merchant programming interface) is hosted and managed by Bankserv. Payment gateways integrate directly to Bankserv’s MPI and provide ecommerce merchants with an API that allows the 3D Secure transaction to be processed. Merchants using a payment gateway’s hosted payment page do not require any additional integration as this is handled by the payment gateway. Generally, merchants hosting their own payment pages are required to integrate to a different payment gateway 3D Secure service prior to sending the transaction for authorization to the acquirer. In essence this means more development, system integration and testing for the merchants hosting their own payment pages.
With 7 months left before the deadline, merchants assumed there was sufficient time to plan and implement 3D Secure but certain Nedbank merchants that had not completed 3D integration starting experiencing ecommerce transactions failing. This caused merchant sales to drop and cardholders to begin complaining. Merchants were initially not sure of the cause of the failure but were able to identify that some type of configuration or change must have taken place at Nedbank requiring the transaction to be 3D Secure. Once Nedbank identified the issue, they were able to resolve which allowed these non 3D Secure merchants to begin processing transactions.