[#7425] PSD2 Support for PayPal by 1 April 2019

4 months 5 days ago - 4 months 4 days ago #309973 by cliffvt
Received this email today from Paypal:

Because you’re using a PayPal Pro direct solution to accept card payments on your website, you’ll need to update your online checkout to meet card issuers’ PSD2 obligations. We recommend you integrate, test and launch your new authentication processes as soon as possible. Missing the deadline could lead to declined payments.


and

Here’s what to do

We recommend you integrate 3DS authentication to your checkout by April 2019 to comply with PSD2 and the SCA requirements.

PayPal has partnered with CardinalCommerce®, a wholly-owned subsidiary of Visa® focused on authenticating digital transactions, to provide 3DS authentication using a CardinalCommerce merchant plug-in (MPI) integration. This plug-in will activate 3DS, applying the required level of authentication before a cardholder’s funds are released prior to sending PayPal your sale transaction.

If you do not have the required level of authentication, your transaction will be declined.


How do you recommend that this is implemented in CB Paid Subs by April 2019 please?

Thanks

Cliff
4 months 4 days ago #309983 by krileon
From the sounds of it 3DS authentication will become required in September by law for Europe. Credit card processors will start implementing support for this requirement come April. This is according to PayPals own page below.

www.paypal.com/uk/webapps/mpp/psd2

So I guess we've until September to implement support for 3DS in the PayPal Pro gateway and probably Stripe as well. Have added the necessary feature tickets as follows.

forge.joomlapolis.com/issues/7425
forge.joomlapolis.com/issues/7424


Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Templates - CBSubs - Hosting - Forge - Incubator - GroupJive
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM EST to 4:00 PM EST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.
The following user(s) said Thank You: nant
1 month 1 week ago #311796 by cliffvt
Hey Kyle

Just to let you klnow that PayPal are bugging us about this. I had a call today, which they have now rescheduled to 1 June to decide whether to revoke or continue our Paypal Pro service.

Seems they are nervous about waiting for compliance by September due to the fact that some major banks are implementing in may already so may mean that payments cannot be made if we are not compliant.

So long and short it seems they want us (and I am sure many others) to demonstrate compliance by June or revoke PayPal Pro subscription which would be a travesty :(

FYI

Cliff
1 month 1 week ago #311797 by krileon
Their own site says September. It's not required until then. I will review implementation today and see if I can have it implemented sometime next week.


Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Templates - CBSubs - Hosting - Forge - Incubator - GroupJive
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM EST to 4:00 PM EST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.
1 month 1 week ago #311815 by krileon
Have reviewed the requirements to get this implemented and started initial implementation. For the future I don't recommend anyone use on-site payments with such strict security requirements. Hosted payment solutions will be able to handle emerging security requirements significantly easier and more timely. Personally I believe on-site payments should go away. Hosted payment solutions provide a much better experience for the user with peace of mind and security and are significantly easier to implement support for them.


Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Templates - CBSubs - Hosting - Forge - Incubator - GroupJive
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM EST to 4:00 PM EST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.
1 month 1 week ago #311817 by krileon
Ok, implementation of 3-D Secure in their older Website Payments Pro is not going to happen. I will be exploring their Buyer Authentication, which is 3-D Secure compliant, in combination with their Transparent Redirect usage. The Transparent Redirect causes payments to submit directly to PayPal instead of your server which makes PCI Compliance significantly easier and if it the Buyer Authentication works correctly with it that would meet your requirements. This however does not work with Website Payments Pro so you will need to be using their Payflow Pro API. If this is not acceptable I highly encourage you to switch to PayPal Standard and use a hosted solution.

After this I will be reviewing implementing Payment Intents in Stripe, which will also cover this requirement and could be a good alternative for you. I'll also be reviewing implementing their newer Checkout API which is a hosted solution.


Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Templates - CBSubs - Hosting - Forge - Incubator - GroupJive
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM EST to 4:00 PM EST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.
Moderators: beatnantkrileon
Time to create page: 0.402 seconds
Facebook Twitter Google LinkedIn