PSD2 (Payment Services Directive 2) and PayFlow Pro

I can’t find any information about Infusionsoft and PSD2 the new payment Services Directive 2 that is coming into force this year. We are using Payflow pro as our merchant account and paypal have suggested the following:

"In your case we would recommend getting in contact with Infusionsoft regarding PSD2 (payment services directive 2) and asking if they are making you compliant or if they are producing a merchant plug in integration to raise the security of your checkout process to the new required levels. "

Can anyone give me some guidance on this?

There is currently no official statement from Keap; however I’ve been in communication with someone on our Info Sec team who is working with our Legal team on this. I’ll post any updates as I receive them.

Thank you I’ll keep an eye on things. I would appreciate the updates as I asked the same question via support and never got an answer.

HI Martin, are there any updates on this? With SCA coming into force in September this year things are getting quite urgent now.

Hi, @AJ73. I was on a brief vacation, sorry about the delay. Yes, we are working with our processors to become PSD2 compliant by the September deadline. Regarding an ETA, if it falls on the processors to become compliant, we likely won’t release a statement or ETA. If it falls on us to implement a new feature, it will go through the typical product channels and come out in a product release note.

Hi Martin, in regards to the Merchant Processors, will the SCA support apply to both past and existing ones? Some were deprecated like SagePay and World Pay, but there are clients still using these.

We want to know if the Infusionsoft Order Forms will be ready supporting these changes.

But I guess the API is a dead end in regards to SCA?

Those are great questions, @Pav . I am not aware of the scope of processors that are being considered if it comes down to us implementing solutions nor how this impacts API. I forwarded your question to the PM in charge. I’ll let you know their response.

Hi Martin, I am going to point out several other things about this as well.

Firstly, several of us asked several months ago in regards to the status of PSD2 / SCA, but we either got no reply, or a standard response of we are working on it. It is only recently that we started to get someone from Keap, ie: Crystal and yourself to reply about it. The issue is that it is just over 9 weeks ago before it goes live on September 14th, and we still do not know what the current status of this is.

Secondly, there is a limitation with Infusionsoft API in regards to the upcoming changes, which is that the API never supported 3D Secure. If the Banks require card authentication from the client, it is not going to be possible because there is no way visual to confirm it. That means that any Custom Developed API Order Forms that use Merchant Processors in the EEA Area will have issues in the future. They will work, but if the authentication is requested, they have no way to reply back via the Merchant Processor. In other words the Card Charging part of the API will become problematic, and would have to be discouraged from being used. It means that clients will have a high rate of failure, even though the payment could be valid.

It is all very well having the changes completed before the deadline, but it would be helpful to know which Merchant Processors will be compliant before that time. As I mentioned yesterday, what happens to the likes of SagePay and World Pay, will they still be supported? If you do not support them, then specific clients will have to change their Merchant Processor, and that can become difficult depending on the business they are running.

Now you know why we are getting concerned about this. I am sure the other concerned people have additional queries as well.

Hello,
I’m just checking to see if there are any updates for this? I was just on with support and after a long conversation I got the same update I got over a month ago. I would think there would be documentation out there already for us to prepare for this change. Custom API forms is my use-case and I’m curious how that’s all going to work with our the integration with Nexus Merchants. Even Nexus hasn’t received an update after talking with Marc. Seems strange there hasn’t been an update or documentation thus far - anyone know anything?

Thank you for this information Pav - quick question… where can I find information regarding what link you’re using to integrate with Authorize.net’s API?

We’re currently in touch with a third party about installing 3D-Secure for our checkout process and they want us to make sure the API is going through a specific url.

Thanks in advance!