I am a merchant using the 3D Secure Card Payments

Important notice: Both existing and new merchants implement relevant integration changes on the client test environment and production environment within the deadlines and according to the instructions of their provider (acquirer).

Merchant using the 3D Secure card payment is integrated using an HTTP API.

The requirements of the PSD2 RTS and card schemes impact this merchant, who needs to make changes in the current integration using an HTTP API.

Card schemes require the mandatory provision of the data indicated below for every card payment, with the main objective being to support the shopping process as much as possible without interruption by the authentication measures of the issuer through the application of the TRA (Transaction Risk Analysis) exemption from strong customer authentication by the acquirer or issuer:

  • Name
  • Email address
  • Home phone number
  • Mobile phone number
  • Billing address
  • Shipping address

In this case, merchant implements and uses the extended ADDINFO parameter for the transmission of the above data (see the up-to-date version of the “GP webpay API HTTP – Technical Specification”).

Merchant will also update his general business terms and conditions and data protection policies to take account of the aforesaid personal data processing.

If strong customer authentication takes place, the liability for chargebacks with respect to such payments is transferred to the issuer, who is also liable for potential losses.

Providing that, based on a previous agreement between the acquirer and the merchant, the TRA exemption from strong customer authentication is applied by the acquirer with whom the merchant has concluded an agreement on payment cards acceptance on the Internet, the liability for chargebacks is not transferred to the issuer, and the acquirer is liable for potential losses, and may transfer this obligation to the merchant.

Providing that the TRA exemption from strong customer authentication is applied by the issuer, the liability for chargebacks is transferred to the issuer, who is liable for potential losses.

Please send your inquiries or requirements for implementation support to the email address gpwebpay@gpe.cz.