Elle here from Shopify.
I would recommend looking into the payment provider, Stripe, as they offer 3D Secure! PayPal is another popular payment provider utilized in France. It can also be used in conjunction with a major credit card gateway such as Stripe.
Speaking to Stripe and PayPal directly is recommended as they can assist you with setting up you merchant accounts and understanding all applicable fees!
In regards to the French list not being updated, are you referring to our payment provider list here? It should be up to date; however, if you notice any inconsistencies please let me know and I will loop in the appropriate team to make changes.
Hope this is helpful! Happy to help if you have any other questions.
The page you're mentioning is listing for example Paybox Direct which I've tried. Problem is that they don't support 3D secure in their implementation with Shopify which is a problem since 3D secure is now mandatory for European clients and vendors.
At least you should have two lists - one that supports 3D secure with you (Stripe, Payzen...) and others that don't (Paybox Direct...) For some merchants selling lower value items, 3D secure might not be of utmost importance.
For us it is a requirement otherwise the bank will not follow.
Thanks so much for your valuable feedback. I've let our developers know of your request!
If there's anything else I can help with, please let me know.
I should add to this thread that Stripe is not compliant either. The Shopify integration does not automatically include 3D Secure, even though all their documentation says it is compliant. I chose Stripe for that very reason, but it actually doesn't comply and I'm currently in contact with Shopify's technical dept to try and get this solved. Otherwise I'll be looking for another card payment provider.
Hmm, well that's interesting. I only decided this month to finally add card payments (separate from Paypal, which of course customers can also use for card payments if they wish) to my site. I signed up for Stripe as it clearly states in Shopify's manuals that if we choose Stripe we will be compliant. When I came to activate it in my back office, a warning message appeared up at the top saying saying that Stripe does not support 3DS and that I should contact them for more information. I did so, and got a message back - a bit technical for me to understand it all, but the gist was generally that it was up to Shopify as the providers of the integration to make the necessary modifications, and not Stripe. I then contacted Shopify who told me to contact Stripe! After a prolonged chat, the advisor told me a member of the technical team would contact me, which they did. I'm now waiting for them to come back to me again to advise me on what to do.
Yesterday, a customer contacted me to tell me that she'd paid by card and wanted to know why 3DS did not activate when she paid. So clearly it isn't working. As it happens, the French central bank has given website owners an 18 month extension until March 2021 to make their websites compliant, so I am not currently breaking the regulations, but I would like to get this sorted out sooner rather than later.
My website is located in France, which is why I'm replying to this thread. 3DS should be triggered for any amount over €30, which this order was. So I would expect a second screen to appear where the customer can give 2-factor authorisation via a code sent by their bank, as is commonly found on other websites here in France. But this isn't happening. The Shopify technical expert has said to me that 3DS is working correctly in my store, but that:
"3DS only shows to a customer when Stripe determines it is mandatory for the transaction to be successful. That's determined by the customers bank. So its normal that it won't show to customers on all, or even most, Stripe transactions."
He gave me a link to the relevant Stripe documentation which talks about 3DS1 (which as I understand it is the "old" version requiring 2-factor authentication) and 3DS2, which Stripe supports, and which may not require this. However, the EU regulation is quite clear on this. It says:
"The requirements of strong customer authentication across the EU will help reduce the risk of fraud for online payments and online banking, and protect the confidentiality of the user's financial data, including personal data. This means that European consumers will benefit from safer electronic payments. In terms of how it works in practice, customers will receive advice from their banks or payment providers. They will have to provide two or more of the following elements when making payments, which can be categorised as:
So if we are not asking for 2-factor authorisation via a pin, password or code then we are not complying. So now I am waiting for more clarification from Shopify on this. If anyone has any more info on this, or if you think I've misunderstood something here, then please do comment.
I'm completely with you on this one - Shopify need to step up their game about being compliant with European regulation. 3DS has been around for long enough to be available on the platform and implemented as it should be.
I'll run my own test live and let you know.