Saferpay FAQ: Introduction of 3-D Secure 2.0

Relevant information for developers


The Regulatory Technical Standards (RTS) under the Second EU Payment Services Directive (PSD2) are due to take effect on 14 September 2019. They mainly require strong customer authentication (two-factor authentication) for online payments. To comply with this requirement, the card organisations Visa and Mastercard together with EMVCo have further developed the 3-D Secure security process: 3-D Secure 2.0 is PSD2-compliant and is valid in EU countries as well as Switzerland. According to the requirements of the card organisations, 3DS 2.0 must be supported by all online merchants.

Worldline always provides you with the latest version of 3-D for Saferpay. The current version used is 3-D Secure 2.1 (hereinafter referred to only as “3-D Secure 2”). 

Do I have to take immediate action regarding 3-D Secure 2?

This depends on whether you already use the current Saferpay JSON API or work with one of the old interfaces. The journal overview (https://www.saferpay.com/BO/Commerce/JournalOverview) within the Saferpay Backoffice and the transaction details clearly indicate which interface was used to create the transaction.

The Transaction Journal in the Saferpay Backoffice features a column labeled "Application". The values in this column indicate which interface was used to create the concerned transaction.

saferpay interface

The Transaction Details Page in the Saferpay Backoffice also shows the interface that was used to create, capture or cancel the transaction.

saferpay interface

How do I know which interface I am using?

Under Online Support / Interface Usage you can see which interfaces were last used to access Saferpay.

saferpay interface

Relevant values for this field are as follows:

AbbreviationLong textAction required
AISaferpay Client Application InterfaceSwitch to JSON API
HIHTTPS InterfaceSwitch to JSON API
PP/AI/HIPayment Page / Saferpay Client Application Interface / HTTPS InterfaceSwitch to JSON API
BOSaferpay BackofficeNO
BPSaferpay Backoffice Batch ProcessingNO


Please note that with more complex systems different interfaces might be used for communicating with Saferpay. The frontend (website, web shop or app) might already be integrated with the JSON API, whereas the downstream management system (e.g. ERP or PMS tools) might still use the older interfaces. It is therefore important to check all relevant transactions to ensure that no old interfaces are being used.

I already use the JSON API. Do I have to do anything?

No, you do not have to do anything. 3-D Secure 2 is currently being rolled out as a pilot and will soon be available to you automatically.

I still use the old interface (https interface or Saferpay client). Do I have to do anything?

3-D Secure 2 is only supported with the JSON API. The old interfaces do not support the new standard and will be deactivated at the end of 2020. It is therefore important that you migrate to the JSON API, even if your system does not use 3-D Secure functionality. For more information on the migration, please refer to Migration to the JSON API.

I am a new customer. Do I have to do anything to use 3-D Secure 2?

As a new customer, you are already using the Saferpay JSON API Interface and you therefore do not have to do anything. The migration from 3-D Secure 1 to 3-D Secure 2 will take place automatically within Saferpay. For more information, please refer to our integration guide for getting started with your Integration Process.

Migrating to the Saferpay JSON API

Technology is changing in many ways and interfaces are no exception. If you operate a web shop and offer more than one means of payment, it is important that the interfaces also comply with the new requirements. By adapting your interface to the Saferpay JSON API, you are making sure that the payment authorizations between your system and Worldline continue to work seamlessly in the future. In addition, you will benefit from additional security mechanisms, more means of payment and a simplified integration.

To migrate your interface, it is best that you contact the technical person in charge of your web shop or other applications that are connected to Saferpay.

If your shop uses a plug-in to connect to Saferpay, our partner Customweb offers the latest Saferpay modules for many shop systems at https://www.sellxed.com/shop/en/chf/extensions/module/payment-service-provider/saferpay.html.

If you have an individual implementation, you can find the general documentation for the Saferpay JSON API at https://saferpay.github.io/sndbx/index.html.

The technical documentation, including a structured listing of all requests, their containers and parameters as well as relevant example codes, is available at: http://saferpay.github.io/jsonapi/.

For all the necessary information on the Saferpay test environment (including the option to set up an individual test account), please visit the Saferpay test account support page.  

Comparison of functions and parameters

Our documentation contains all the information necessary for the implementation of the JSON API. However, for you to have better understanding of the JSON API and to assist you with the migration process, the following table shows a comparison between the old interfaces and the JSON API.

Old interfaceJSON APIComment
CreatePayInit (SCD)Alias/Insert 
CreatePayComplete (ACTION=Settlement)Transaction/Capture 
CreatePayComplete (ACTION=Cancel)Transaction/Cancel 
CreatePayComplete (ACTION=CloseBatch)Batch/Close 
The ACCOUNTID consists of the CustomerId and TerminalId, separated by a hyphen.
Execute (ACTION=Debit)Transaction/Authorize or Transaction/AuthorizeDirect 
Execute (ACTION=Credit)Transaction/Refund or Transaction/RefundDirect 
Automatically generated aliases were numeric and incrementedAliases generated by Saferpay are alphanumeric.The definition of aliases (alphanumeric to 40 char. length) is the same. Aliases are valid across interfaces. Aliases generated with the old interfaces can be easily reused with the JSON API.
Authentication using SPPASSWORDBasic authentication or client certificate authentication 
CreatePayInit (including formatting of the payment page):
PaymentPage/Initialize using the parameter CssUrlAlternatively, the design of the payment page can be configured in the Backoffice.
CreatePayInit (including the display of the acceptance of the terms and conditions on the payment page: Parameter TERMSCHECKBOXACTIVE, TERMSURL)Not availableThe acceptance of terms and conditions is part of the purchasing process and should be carried out and logged on the website or in the web shop. This function is therefore no longer offered in the payment process.


With the old interfaces, it was possible to provide an expiry date with authorisation selection (execute). This would then override the expiry date saved for the transaction with the alias in the Secure Card Data (SCD) database. The JSON API no longer provides this option. Here, the expiry dates in the SCD database can be adjusted by the alias/update request if required. If you are using SCD with the old interfaces and have previously provided the expiry date with the execute request, this should be taken into account in your new implementation.

Basic description of the processes

Payment Page

For a detailed description of the process using the JSON API, please refer to: https://saferpay.github.io/sndbx/Integration_PP.html

Standard Business Flow


The JSON API simplifies the process considerably without the need to store the card data first, while still providing the option to do so if required. Furthermore, it is no longer necessary to use the VerifyEnrollment request. The verification is done automatically by Saferpay.

For a detailed description of the process using the JSON API, please refer to: https://saferpay.github.io/sndbx/Integration_trx.html


Do you have any further questions regarding 3-D Secure 2 or the interface change? We are also happy to assist you with updating your Saferpay interface. 


  • *
  • *
  • *
  • *
  • *
  • *

    I have read and understood the privacy policy.


    would like to receive marketing-related electronic communications, including news, events, updates and promotional emails. I understand that I can withdraw my consent at any time by following the unsubscribe link included in your communications.

  • *Mandatory field