You might be seeing that some of your customer payments are being declined due to 3D-Secure/Authentication failures. (You can always see the reason why a payment has failed if you click into the request under Payment Gateway Response.)

Under new Strong Customer Authentication guidelines, all online transactions are now mandated to use 3DS2.

3DS2 has been spearheaded by issuers in order to add an extra level of security to all card transactions across UK and Europe. It also ensures that liability shifts from you (the merchant) to the issuer (the payer’s bank) for fraudulent transactions.

As a result, your customer may now need to enter an SMS passcode or authenticate in their banking app before successfully completing the payment.

Various card issuers will have different ways of allowing the customer to authenticate the payment. Normally, the bank will send the customer a code via SMS which they can input, or the customer will be presented with a separate screen that they will have to pass through to complete the payment process. If a customer has not received a code or any other trigger to authenticate this could be due to their bank having outdated details such as an incorrect phone number, or perhaps there was a problem with the text not delivering to the payer's phone.

It’s also important to note that if the payer is using a company card and is not listed as the official cardholder then the authentication process may not be processing correctly for the actual payer in this instance.

Prommt has no visibility of this process unfortunately, as this is the payer's own bank/card issuer presenting this extra layer of security for its customers, so for any persistent authentication issues they will need to speak to their card provider for further guidance.