The Payments Association of South Africa (PASA) has mandated that all South African ecommerce merchants must ensure the implementation of 3D Secure on their sites.
The deadline for compliance was 28 February 2014 and PASA says they are “committed to ensure a robust and consistent implementation.”
According to PASA the compliance penalty approach was recently finalised and the following should be noted:
A uniform approach to non-compliance will be followed with penalties being imposed on all non-complaint Acquirers from 1 May 2015. For Merchants where implementation dates are after 1 March 2015, Acquirers will pick up a monthly penalty until the date of compliance.
Penalties will be:
* A Once off penalty of R100 000 per merchant for non-compliance -1 March 2015;
* R50 000 per merchant for the first month of non-compliance -1 April 2015; and
* R50 000 per merchant increment increase per month thereafter – 1 May 2015.
Where a merchant is dual acquired, the penalty will be equally split between the acquirers. The enforcement of non-compliance will be administered by the PASA Compliance function.
In addition to the above penalties, advanced monitoring and enforcement relating to 3D Secure is proposed for e-commerce merchants. This can only be done after the implementation of interchange during March 2015 and will be discussed at the various forums and if agreed, incorporated into the Clearing Rules.
Other instances to be considered are:
* In the case of Merchants switching off 3D secure selectively, a penalty of X amount per transaction not routed through 3D Secure due to selective and wilful disabling or bypassing of 3D Secure; and
* Where Merchants are processing e-commerce transactions as MOTO transactions to avoid/evade 3D Secure, Acquirers will be penalised with X amount per transaction during the period of non-compliance.