A simple guide to one-click payments for retailers trading online (SCA)

16 Feb 2021

Bira’s preferred card processing solution Global Payments have produced this simple guide to one-click payments for retailers trading online.

What are one-click payments?

For independent retailers trading online, one-click payments are payments where the customer is charged while on-session and their card details are saved so that future purchases can be made with "one click". After the first purchase, customers can pay with a single click. This is usually for regular returning customers.

Best practice SCA for one-click payments

SCA ensures the legitimate cardholder can make payments. Therefore, it’s essential to make sure that:

  • Good quality information is collected to establish that the cardholder is the person making the payment.
  • Strong Authentication (e.g. 2 Factor Authentication) is used to verify the cardholder.

To ensure best practice, Bira’s recommended card processing provider Global Payments suggests using 3DS2, which gives the card issuer sufficient quality information to verify the cardholder and provides the challenge for 2 factor authentication when requested.

3DS2 is a fully SCA compliant authentication protocol and Global Payments recommends it for every ecommerce transaction, as it gives the Issuer the maximum amount of information possible. The Issuer can then decide to approve the transaction (frictionless) or to challenge the cardholder with SCA, for example an SMS to their mobile with a One Time Password.

If 3DS2 is not available, Global Payments recommends using 3DS1.

When processing a payment on a stored card, it should be flagged as “Credential on File” to indicate to the Issuer that the card has been stored. This will give the Issuer as much insight into the circumstances of the payment as possible.

For the Initial payment, Global Payments recommends the following process for payment:

  1. Authenticate the cardholder using 3DS2. This will give the Issuer enough information to verify that the cardholder really is the person initiating the payment.
  2. Authorise the card. This transaction should be processed with the appropriate “Credential on File” flags. This transaction could be for a zero value amount if this is supported by your acquirer.
  3. Store the card. When the card has been successfully authorised the card should be stored.

For any Future payments on the stored card, our recommendation for the flow of the payment is:

  1. Authenticate with 3DS2
  2. Authorise with the appropriate “Credential on File” flags.

Are there any exemptions that can be used to avoid challenging a customer?

Exemptions can be applied for transactions meeting certain criteria, such as a low value transaction, in the following potential ways. 

  1. An Issuer may apply an Issuer exemption and allow the transaction to flow through without a challenge (frictionless), based on the good quality of information you supply and the exemption criteria being met (for example low value).
  2. Your Acquirer may request an exemption (in this case the low value exemption) to bypass SCA, based on a request by you. If the Issuer accepts the request for the Acquirer exemption, there will be no challenge to the cardholder (frictionless). If the Issuer declines, the transaction will have to be processed again using 3DS2.

Which solution is best for me?

If you need help identifying your integration type please contact Global Payments here.

HPP API

I store cards with Global Payments ecom and take payments online via our website or app which is integrated to Global Payments via HPP

1. Review the payment flow

You may need to alter the flow that the customer goes through when they store their credentials so that the card is authenticated, authorised and then stored

2. Make a change to your HPP integration to ensure all of your transactions are processed with SCA

The purpose of these changes is to supply the Issuer with all the information they may need in order to verify the cardholder. HPP will automatically facilitate a challenge to the cardholder if required.

HPP can support both 3DS2 and 3DS1 simultaneously. Should 3DS2 be unavailable, HPP will dynamically route transactions through 3DS1, meaning you don’t need to implement any logic around this.

3. HPP will automatically include the correct "Credential on File" flags on your behalf, meaning this will require no work by you

I store cards with Global Payments ecom and take payments online via our website or app which is integrated to Global Payments via API

1. Review the payment flow

You may need to alter the flow that the customer goes through when they store their credentials so that the card is authenticated, authorised and then stored

2. Integrate into the new 3DS2 service to ensure all of your transactions are processed with SCA.

The purpose of 3DS2 is to supply the Issuer with all the information they need to facilitate a challenge to the cardholder if needed and to verify the cardholder.

API 3DS2 documentation is available here.
Where 3DS2 is unavailable 3DS1 should be used. The API 3DS1 documentation is available here.

3. Ensure the Credential on File flagging notifies the Issuer that the authorisations are on a stored card.

For the Initial Authorisation, it should include "Credential on File" flags meaning the card will be stored. As the cardholder is present at the time of authorisation it should also be flagged as "Customer Initiated" and indeed as "Subsequent" (not the first) transaction.

Who is liable in the event of a dispute?

Liability for fraud related chargebacks passes to the card Issuer when an SCA challenge occurs.
Where the Issuer decides to approve the transaction either frictionlessly with an Issuer exemption, or with a challenge, the Issuer is accepting liability. This means any fraud related chargebacks should not be billed to you.

What if I requested an Exemption?

If a transaction is processed frictionlessly following a request by you for an Acquirer exemption to 3DS2, you should note that you are accepting liability for the transaction. This means any fraud related chargebacks which occur on exempt transactions will likely be billed to you.
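
The payment flows, the exemption fallback and the liability rules described above can be modelled as a short piece of decision logic. This is an added illustration, not Global Payments or Bira code: Issuer, Outcome, pay, the vault set and the flag names are hypothetical stand-ins for a real gateway integration, and the issuer's decisions are constructed inputs.

```python
from dataclasses import dataclass

@dataclass
class Issuer:
    """Constructed stand-in for the issuer's decisions; not a real API."""
    accepts_exemption: bool = False   # answer to an acquirer exemption request
    wants_challenge: bool = True      # challenge (e.g. SMS OTP) vs frictionless
    challenge_passed: bool = True     # did the cardholder complete the challenge

@dataclass
class Outcome:
    approved: bool
    path: str        # "acquirer_exemption", "frictionless" or "challenge"
    liability: str   # who bears fraud related chargebacks, per the guide
    flags: tuple     # flags sent with the authorisation (hypothetical names)

COF_FLAGS = ("credential_on_file", "customer_initiated")

def authenticate_3ds2(issuer):
    """Return (authenticated, path) for a 3DS2 authentication."""
    if not issuer.wants_challenge:
        return True, "frictionless"
    return issuer.challenge_passed, "challenge"

def pay(issuer, request_exemption=False):
    """Authenticate, then authorise with Credential on File flags."""
    if request_exemption and issuer.accepts_exemption:
        # The merchant asked to bypass SCA, so the merchant accepts liability.
        return Outcome(True, "acquirer_exemption", "merchant", COF_FLAGS)
    # No exemption requested, or the Issuer declined it: process with 3DS2.
    ok, path = authenticate_3ds2(issuer)
    if not ok:
        return Outcome(False, path, "none", ())
    return Outcome(True, path, "issuer", COF_FLAGS)

def initial_payment(vault, card, issuer):
    """Step order from the guide: authenticate, authorise, then store."""
    outcome = pay(issuer)             # the initial flow always uses 3DS2
    if outcome.approved:
        vault.add(card)               # store only after successful authorisation
    return outcome

def one_click_payment(vault, card, issuer, request_exemption=False):
    """Later payment on a stored card."""
    if card not in vault:
        raise KeyError("card not stored; run initial_payment first")
    return pay(issuer, request_exemption)
```

A declined exemption request falls through to 3DS2, and in that case liability sits with the Issuer again rather than with the merchant.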

Bira’s preferred card processing solution Global Payments

Global Payments has partnered with Bira to deliver innovative solutions and preferential terms, specifically designed to help small businesses. Find out more by clicking on the button below.
