Post by Daniel » Fri Apr 12, 2019 2:54 pm

This is very important if you sell products to EU customers. From 14 September 2019 all EU credit card transactions will be rejected if your store does not have 3d secure setup on your web site.

I have been contacted by PayPal regarding this.

I can not find the link to any EU sites with the new law information. It is on stripes web site:

https://stripe.com/en-US/guides/strong- ... entication
On 14 September 2019, new requirements for authenticating online payments will be introduced in Europe as part of the second Payment Services Directive (PSD2).
We are contacting all the gateways that are included in opencart to get them to update their opencart payment extensions.

If you require a quick solution i recommened cardinal commerces JS 3d secure intergration:

https://developer.cardinalcommerce.com/index.shtml

OpenCart®
Project Owner & Developer.


User avatar
Administrator

Posts

Joined
Fri Nov 03, 2006 6:57 pm

Post by OSWorX » Fri Apr 12, 2019 3:29 pm

Well here you have:
https://ec.europa.eu/info/law/payment-s ... 15-2366_en
Here in German:
https://de.wikipedia.org/wiki/Zahlungsdiensterichtlinie
And English:
https://en.wikipedia.org/wiki/Payment_S ... _Directive
Ad a few more (in German):
https://www.concardis.com/at-de/blog/ar ... egeschaeft
https://newsroom.mastercard.com/eu/de/2 ... -haendler/
https://www.wuv.de/digital/neuer_bezahl ... r_beachten
https://www.six-payment-services.com/de ... e-2-0.html

In general, this Directive is old, made already in 2015.
Valid from January 2018 and have to be fullfilled not later than the 14th September 2019

This 'new' law is called 'EMV 3-D-Secure 2.0' (created by Europay, Mastercard and Visa) is part of the EU-Zahlungsdiensterichtlinie (PSD2)

Important to say, this process is valid only for transactions made with Credit Cards.
Wichtig hier, dieses Verfahren gilt nur für Kredikartenzahlungen!

Full Stack Web Developer :: Dedicated OpenCart Development & Support DACH Region
Contact for Custom Work / Fast Support.


User avatar
Guru Member

Posts

Joined
Mon Jan 11, 2010 10:52 pm
Location - Austria

Post by paulfeakins » Fri Apr 12, 2019 5:20 pm

OSWorX wrote:
Fri Apr 12, 2019 3:29 pm
In general, this Directive is old, made already in 2015.
Valid from January 2018 and have to be fullfilled not later than the 14th September 2019
Why does no one know about it then? And why is there nothing online about it?

UK OpenCart Hosting | OpenCart Audits | OpenCart Support - please email info@antropy.co.uk


User avatar
Guru Member
Online

Posts

Joined
Mon Aug 22, 2011 11:01 pm
Location - London Gatwick, United Kingdom

Post by Daniel » Fri Apr 12, 2019 6:26 pm

This is bigger than GDPR

OpenCart®
Project Owner & Developer.


User avatar
Administrator

Posts

Joined
Fri Nov 03, 2006 6:57 pm

Post by OSWorX » Fri Apr 12, 2019 6:39 pm

paulfeakins wrote:
Fri Apr 12, 2019 5:20 pm
OSWorX wrote:
Fri Apr 12, 2019 3:29 pm
In general, this Directive is old, made already in 2015.
Valid from January 2018 and have to be fullfilled not later than the 14th September 2019
Why does no one know about it then? And why is there nothing online about it?
Sorry, I do not know O0
And online is enough .. since a long time (2015 to be exact).
And the EC-Website can be read by everyone 24 hours a day, 7 days a week ..

Visa and MC for example made their first messages about this 1 year ago ..

Beside this, there are many directives out which will effect us all here (sorry, not GB anymore .. if they leave .. :laugh: )
For example the coming ePrivacy.
Or the packaging thing which is completely new in Germany since the 1st of January 2019.

Full Stack Web Developer :: Dedicated OpenCart Development & Support DACH Region
Contact for Custom Work / Fast Support.


User avatar
Guru Member

Posts

Joined
Mon Jan 11, 2010 10:52 pm
Location - Austria

Post by OSWorX » Fri Apr 12, 2019 6:44 pm

Daniel wrote:
Fri Apr 12, 2019 6:26 pm
This is bigger than GDPR
Not really, because the GDPR is valid for all and every website - worldwide.
3D-Secure is only for payments made with Credit Cards - and currently more customers are paying with other payment methods (especially here in Europe).

Full Stack Web Developer :: Dedicated OpenCart Development & Support DACH Region
Contact for Custom Work / Fast Support.


User avatar
Guru Member

Posts

Joined
Mon Jan 11, 2010 10:52 pm
Location - Austria

Post by Johnathan » Fri Apr 12, 2019 10:35 pm

Those of us with payment extensions may have already been notified (I found out last fall), but the APIs for the SCA requirements weren't even ready until recently. Stripe's is ready, but Braintree's still says it still shouldn't be used in production. I think the payment companies were a little behind the ball on this one --- yes the deadline is September, but April is the start of the window for moving to 3D Secure 2.0, and that's not even possible for many payment gateways right now.

I'll be updating my Stripe and Braintree extensions for the new requirements soon. If you're using a payment method from a different developer, you should contact them to see if they know anything about updating their code. Hopefully Daniel and the OpenCart team will ensure that all the built-in OpenCart payment methods are updated before September.

Image Image Image Image Image


User avatar
Administrator

Posts

Joined
Fri Dec 18, 2009 3:08 am


Post by Daniel » Fri Apr 12, 2019 10:46 pm

There are still a lot of payment gateways with no documentation on what updates are required.

OpenCart®
Project Owner & Developer.


User avatar
Administrator

Posts

Joined
Fri Nov 03, 2006 6:57 pm

Post by Johnathan » Mon Apr 15, 2019 9:35 pm

Yeah, that doesn't surprise me. Either the law happened too quickly, or the payment processors are dragging their feet, or someone in the middle is holding things up. Hopefully everyone gets their documentation up soon, or there are going to be major issues for EU customers on all sorts of ecommerce websites (not just OpenCart) in September.

Image Image Image Image Image


User avatar
Administrator

Posts

Joined
Fri Dec 18, 2009 3:08 am


Post by futurehosting » Fri Apr 19, 2019 7:05 pm

Most of the Payment Gateway providers have already taken this into consideration, from https://worldnettps.com/ I know every client we have referred to them and to the various merchant banks are fully aware of this and it is a standard procedure. The advantage of the gateway is that it lifts the PCI compliance requirement out of the clients/site owners hands and onto that of the Gateway provider . All these providers must be compliant.

The only difference now coming down the tracks was when a client was setting up credit card, the option to go for 3d secure was optional, now it is required. All merchant banks are in correspondence to their customers about this anyway.

Here is the link to the details
https://eba.europa.eu/regulation-and-po ... Id=1627603

Regards

Newbie

Posts

Joined
Tue Aug 30, 2016 8:36 pm

Post by futurehosting » Fri Apr 19, 2019 7:09 pm

Johnathan wrote:
Mon Apr 15, 2019 9:35 pm
Yeah, that doesn't surprise me. Either the law happened too quickly, or the payment processors are dragging their feet, or someone in the middle is holding things up. Hopefully everyone gets their documentation up soon, or there are going to be major issues for EU customers on all sorts of ecommerce websites (not just OpenCart) in September.
This has been flagged for a very long time, it was the banks themselves. Now to be honest 3d secure is a nightmare and the banks are trying to come up with something better. Some banks are forcing customers to sign up and link their mobile so they can txt to customers.

But there are other rulings coming down with other consequences as well which I linked in the above post. This is to give greater transparency to the customer, protect from fraud and allow greater ability to charge backs. For the site owner I can see other levels of verification that will need to be considered, from email verification to secure the order, etc.

Regards

Alex

Newbie

Posts

Joined
Tue Aug 30, 2016 8:36 pm

Post by adamdevine78 » Sat Apr 27, 2019 1:46 pm

Still there are many gateways that are not secured.

Newbie

Posts

Joined
Sat Apr 27, 2019 1:34 pm

Post by rpmb » Tue Apr 30, 2019 12:19 am

I have had confirmation from Paymentsense that their module is ready for this.

Version 3.0.0 for OpenCart 3.x

I am not sure if that also applies to the module they have for 2.x

opencart 3.0.2.0


User avatar
New member

Posts

Joined
Wed Jun 30, 2010 9:13 pm
Location - Cornwall

Post by straightlight » Sun May 05, 2019 9:51 pm

As the first post addresses, however, it is not only about the 3D Secure payments but also about, yes, the second payment services directive (PS2) but also about the: Strong Customer Authentication (SCA) as per this web page with MPP within the UK:

- https://www.paypal.com/uk/webapps/mpp/psd2
- https://developer.paypal.com/docs/psd2-compliance

Jonathan did addressed the SCA package on the above. In addition, the web page has now been provided for more information.

Dedication and passion goes to those who are able to push and merge a project.

Regards,
Straightlight
Programmer / Opencart Tester


Legendary Member

Posts

Joined
Mon Nov 14, 2011 11:38 pm
Location - Canada, ON

Post by straightlight » Tue May 07, 2019 5:19 am

Based on the first post with Stripe, a forum user indicates it is not compatible with Egypt still on this day: viewtopic.php?f=198&t=211580#p754334 .

Countries available with Stripe: https://stripe.com/global

Dedication and passion goes to those who are able to push and merge a project.

Regards,
Straightlight
Programmer / Opencart Tester


Legendary Member

Posts

Joined
Mon Nov 14, 2011 11:38 pm
Location - Canada, ON

Post by Daniel » Fri May 10, 2019 2:55 pm


OpenCart®
Project Owner & Developer.


User avatar
Administrator

Posts

Joined
Fri Nov 03, 2006 6:57 pm

Post by ecoleman » Tue Jul 09, 2019 10:12 pm

Hi Daniel,

Are there any plans to update the Sagepay Direct payment method to Protocol 4.00?
It seems pointless me finding somebody to update this if somebody is already updating this from your end.

Cheers
Elliott

Active Member

Posts

Joined
Tue Dec 06, 2011 3:34 am

Post by Root66 » Wed Jul 24, 2019 3:56 pm

Very good info you shared in this thread.

User avatar
Newbie

Posts

Joined
Wed Jul 24, 2019 2:39 pm


Post by RainbowDogs » Sat Jul 27, 2019 8:26 pm

We currently use the Clear Thinking Stripe extension so will be updating to the new compliant version.

I would however like to have PayPal as a backup. Is 'Paypal Payments Standard' already compliant or do I need to do anything?

Opencart version: 1.5.6.4

Newbie

Posts

Joined
Sun Feb 11, 2018 5:48 am

Post by Johnathan » Sat Jul 27, 2019 9:49 pm

Since PayPal Standard redirects to paypal.com, and then the customer enters their PayPal account or credit card info there, I'd imagine it will be SCA compliant by the deadline in September. PayPal handles the payments on its own site, and since they're a huge company I'm sure they'll have everything ready. Unless it needs some particular data from the OpenCart side (which I haven't heard anything about at this point) I think you should be fine.

Image Image Image Image Image


User avatar
Administrator

Posts

Joined
Fri Dec 18, 2009 3:08 am

Who is online

Users browsing this forum: No registered users and 42 guests