Effective August 12, 2024, Visa will require 3 data elements in the 3DS Authentication Request. All merchants processing 3DS through Visa must provide complete and accurate transaction data in their authentication request for accurate risk assessments and better performance.
Required data fields for VISA
Visa revised the mandatory date to provide the ecosystem with more time to prepare for the new requirements. Based on ecosystem feedback and further analysis,
The following additional data fields are to be provided in the tokenization (with 3DS authentication bundled), authentication, and create payment method requests:
Priority Data Fields | Requirement Status |
Cardholder First Name | Mandatory (Browser / In-App) |
Cardholder Last Name | Mandatory (Browser / In-App) |
Cardholder Email Address | Mandatory (Browser / In-App) |
Cardholder Phone Number (Work / Home / Mobile) | Mandatory (Browser / In-App) |
Impact for not sending the additional fields for authentication transactions
Transaction that currently processed will remains unaffected.As of today Visa is not actively enforcing issuers to check all the fields, but merchants may experience a higher 3DS authentication challenge rate based on the issuers' risk assessment.
Xendit will follow any developments and announcemenst closely and ensure that merchants will get updated with the latest information. Additionally, Xendit will provide for the optimal authentication journey and accomodates merchants to send in the requested fields..
Special reminder for merchants who use previously created multiple use tokens
If the merchant did not collect cardholder information during the creation of the multiple use credit card token/payment method, this field will also not be available for subsequent transactions of those multiple use credit card token. This might also be applicable to the email address and/or phone number field(s).
Merchants can keep using cards that were already stored in the multiple use credit card token/payment method and for which these fields were not yet collected. However, it is important to make sure these fields will be collected for new multiple use credit card token/payment method so that these fields can be present in the card on file flow going forward.
To be able to send the card holder information for a previously created multiple use token, merchant can send the card holder information through the `card_data` parameter inside createAuthentication function in the web/mobile SDK as stated in our doc.