Is 3-D Secure mandatory?

In most cases 3-D Secure is not mandatory, but is highly recommended.  It is however compulsory when processing Maestro cards. Some acquiring banks require that you use 3-D Secure. Please check with your acquiring bank before making any decisions on this.

How do I activate 3-D Secure on my account?

If you are using Payment Pages, 3-D Secure will be enabled automatically by ourselves. If you are using an API system and require 3-D Secure, you have to include the relevant XML for performing 3-D Secure requests or if you are using the JSON integration, please refer to the Online 3-D Secure documentation.

Are commercial cards covered by 3-D Secure?

The majority of Visa / Mastercard branded cards are covered by 3-D Secure, which does include some Commercial Cards. More information can be provided by your acquiring bank.

What is the liability shift for 3-D Secure?

Provided you are utilising the 3-D Secure system, you will be covered for the majority of fraudulent transactions that are processed and the liability for payment will shift back to the card issuer.

Secure Trading believes the liability shift to be as follows:

Brand Enrolled Status Liability
Visa U Merchant*
Visa N Card Issuer**
Visa Y Y Card Issuer**
Visa Y N Merchant***
Visa Y A Card Issuer**
Visa Y U Merchant*
MasterCard U Merchant*
MasterCard N Card Issuer**
MasterCard Y Y Card Issuer**
MasterCard Y N Merchant***
MasterCard Y A Card Issuer**
MasterCard Y U Merchant*

Y= Yes
A= an attempt on something did not work with the communication
N= No
U= Unknown

* Important note: If the brand is Visa and enrolled or status is returned as a “U” (Unknown), it means that the merchant is not covered by the 3-D Secure scheme. In this case the merchant is still liable for any fraudulent transactions.
** Important note: There are some cases where the liability is not covered by the card issuer; for example some commercial cards under both brands. For more information please contact your acquirer.
*** Important note: In this case it is strongly recommended that the transaction does not proceed. This means the password entered did not match.

This is a high level overview of the liability shift. Please bear in mind we facilitate the process; we do not create or enforce the rules. If you are unsure of any transaction status that you may see, we would recommend that you contact your acquirer.

What is 3-D Secure?

3-D Secure is an additional layer of security that authenticates a customer during a transaction. It also affords you more protection against potential chargebacks.

Do I have to request to go live?

Yes, you must send an email to [email protected] requesting for your account to be switched into live mode.

Please note:  this is only possible after you have received the email informing you that your merchant number has been successfully tested!

How long does it take to receive the platform credentials?

These will be sent out by the support team once they’ve been set up after your contract has been signed with your account manager.  Account Credentials are usually supplied within a 48-hour period.

Are refunds, authorisations, settlements and fraud/risk checks supported?

Yes, these features are fully supported.

Can I re-authorise transactions in STPP?

There is a fully integrated Re-Auth button that is available at the bottom of every transaction you have processed in MyST, allowing you to re-attempt another payment against that card.



Please note:  re-authorisations will not include the Security Code. You may be charged extra fees from your acquiring bank, please check with them before re-authorising!

I’ve sent you my PayPal Username, but how do I setup PayPal itself?

If you are using Payment Pages, it’s automatically done for you.  If using Webservices or STAPI however you will need to check the relevant XML instructions. For the JSON integration, please refer to the online documentation.