3D Secure Version 2

Owned by Former user (Deleted)
Last updated: Aug 13, 2019 by S&D Team (Unlicensed)
1 min read


 Background

Card Payments are currently not authenticated via NDC APIs. This is not compliant wit the upcoming EU PSD2 regulation and may result in higher levels of fraud. The implementation of 3D secure benefits both airlines and agents as for fraudulent transactions the liability sits with the bank if the card was authenticated successfully.

 Objective

The main objective is to comply with the PSD2, strong customer authentication regulation, to enable safe online transactions for British Airways and its customers and to prevent fraud.

 Scope

The channels and applications which are in scope of this project are those that support the selling and servicing of NDC bookings where online card payments are accepted.

  • BA NDC APIs
  • com – for customer-initiated payments
  • BA Payment Services BA.com authentication V2.0 (3D Secure V2.0) – when ready

In scope are all customer-initiated regional and inter-regional online card transactions where supported. 3D secure is currently not available in all countries.  

Out of scope are secure corporate payments: This covers payments that are made with “lodged” cards (e.g., where a corporate card used for managing employee travel expenses is held directly with an online travel agent), as well as corporate payments made using virtual card numbers (which are also used in the travel sector). Regulation only allows the cardholder’s bank to request this exemption as neither the business nor the payment provider are able to detect whether a card belongs to these categories.