The PSD2 Mandate requires Strong Customer Authentication (SCA) to be performed on a majority of online payments within the European Economic Area (EEA) to verify a customer's identity. For recurring, Merchant Initiated Transactions (MIT), SCA should not be required. However, there will be scenarios where an SCA challenge may still be presented by a customer's issuing bank, which will require customer authentication.
To assist merchants with recovering revenue that may be lost from failed MITs, Recurly has built support for a flow to complete an SCA challenge for re-authentication. This flow consists of the following:
- Dunning configuration updates
- Recurly email template updates
- Recurly Hosted Page updates
These updates should help recover customers whose recurring transactions are declined for 3D Secure 2 (3DS2) authentication failures. Depending on your integration, this may require updates to your Recurly settings.
Recurring payments that fail due to 3DS2 authentication failures will kick off a dunning cycle according to your current dunning management settings. If these settings are not currently configured, you'll want to ensure that these are enabled so that the appropriate recovery email can be sent.
Once enabled, you will see a separate section within your dunning management settings calling out dunning for 3DS2 failures. This will use the same cadence of notifications as configured for your standard dunning cycle.
For recurring payments that fail due to 3DS2 authentication errors, your customers will receive a new email template specifically designed to bring them back into a required payment session to complete authentication. This can be configured under your email template settings and will include a link to Recurly's hosted re-authentication flow. This hosted re-authentication flow will require you to use Recurly's hosted pages.
Recurly has built a hosted solution that will allow you to bring a customer, whose recurring payment has failed, back into a payment session to complete the authentication required by their bank. To use this hosted page, you'll need to ensure that the Recurly Hosted Account Management Pages have been enabled for your site.
At a high-level, the general flow will work as follows:
- Upon a 3DS challenge request from the issuer, the renewal invoice will move to a past due state and dunning will begin. Recurly will send a "3DS2 Decline" email to your customer in an attempt to authenticate their payment.
- From the email, your customer will be prompted to confirm their payment, which will bring them to the hosted re-authentication page, which is a page designed to bring your customer back in-session to complete required authentication.
- Selecting the "Confirm Payment" button on the hosted re-authentication page will bring your customer "in-session" to allow authentication and present a 3DS2 challenge frame from their issuing bank. The contents of this frame will vary depending on their bank.
- If authentication is successful, your customer's payment will be processed and they will be brought to a confirmation page.
- However, if payment is unsuccessful, your customer will be prompted to try again or update their billing information, which will require them to reattempt the 3DS2 challenge provided by their issuing bank.
After the PSD2 deadline of 9/14/19, Recurly will be enhancing the dunning process for transactions that are declined due to 3DS2 authentication failures, which should allow for a more customizable re-authentication flow. In the meantime, you will need to use the hosted solution described above to complete the required authentication.
Updated about 3 years ago