Update: I have released version 12.0.0 which implements PSD2 for Redsys WooCommerce
As the topic of my Redsys plugins and the new European regulation PSD2 or SCA has recently become a very recurring question, I have decided to create this post and add a notice in my plugins so that everyone is informed and calm.
For months, I have been tracking the entire evolution of the new regulation and its implementation in Redsys, being in constant contact with them and asking for information. At this moment, I have partial information on how the new PSD2 or SCA regulation should be implemented in the Redsys gateway, and it is not just partial, it could change.
As is logical and natural, the vast majority of Redsys users are concerned, as the regulation comes into effect on the upcoming September 12, which means it should soon be implemented in the plugin.
Well, neither my plugins will be ready by that date, nor will any others, including those you can find on the same Redsys page.
This may be surprising, but the reason is that Redsys simply has not had time to prepare its platform to comply with the new European PSD2 or SCA regulation.
So… what is going to happen?
First of all, don’t worry, your store will continue to operate without problems, it will not stop working on the upcoming September 12, nor on a nearby date. Secondly, if you use my plugins, whether it is the free one or the paid one from WooCommerce.com (here you can see the differences between various plugins for Redsys), on the day that Redsys is ready and the new API is released, I will update the plugins with the new version of the API, adapting them to the European PSD2 or SCA regulation.
As Redsys saw that it would not have time to be prepared, a few months ago it requested a moratorium from the European regulatory authority (European Banking Authority) and it was granted until March 2021.
So with Redsys, the calendar looks as follows; It is expected that by March 2020 the new API will be released complying with 3D Secure 2.2 and its documentation. At this date, all developers will be able to start adapting our developments to the new regulation, but it will be impossible to adapt them before unless there is a change in the calendar. Once the new API is released, all merchants will have one year to adapt, until March 2021. But be careful, that does not mean that you have to wait until that date, you should adapt as soon as possible. On the other hand, I will try to have my plugins ready quickly, among other things because I do not know if once the new API is released, new contracts must use it from the beginning without the possibility of using the old one, for this reason I will try to make the adaptation very quick.
Here I leave you the email they sent me explaining everything:
As we agreed, I am sending you the statement with the new date to adapt:
Dear Customer,
We are contacting you to inform you of the latest news regarding the entry into force of the strong customer authentication of the PSD2 or SCA (in English: Strong Customer Authentication).
The SCA consists of requesting additional information from the buyer, with the aim of ensuring that they are who they say they are, when the risk analysis systems of Comercia GlobalPayments, or the buyer’s entity, identify a transaction with a high risk of fraud. An example of this additional information may be:
a. One-time code sent via SMS to the buyer’s mobile
b. Card PIN for online purchases
In the email we sent you last June, we indicated that since your operations are not adapted to this new regulation, you needed to make changes to your eCommerce and that the deadline for this was September 14, 2019.
Due to the lack of time to adapt to the new strong customer authentication (SCA) regulation, the European regulatory authority (European Banking Authority) will extend the deadline to March 2021. Thanks to this extension, you will be able to migrate to a new version of 3D Secure that is more advanced, version 2.2, which will be adopted by the entire market.
· If you have not yet started developments, we recommend that you wait to start adapting your eCommerce until March 2020, the month in which we will send you the documentation adapted to 3D Secure 2.2.
· If you have already started developments with the documentation we shared, you can continue with them. Everything you have done can be maintained for the new version of 3D Secure 2.2, but you will only be able to finalize the integration and put it into production when the documentation adapted to 3D Secure 2.2 is available in March 2020.
Likewise, the launch of the SRO service (Online Risk Scoring) that we offer from Comercia Global Payments and that analyzes each of the purchases of your eCommerce with the aim of reducing the number of times SCA will be requested from your buyers, is also postponed until the version 3D Secure 2.2 is adopted by the market. We will inform you of its availability and how to contract it in the coming months.
Best regards.
We remain at your disposal as always.
As you can see, you can be calm regarding the new regulation.
Hola José
Se sabe ya cuándo el plugin estará adaptado a la nueva normativa?
Gracias
Hola,
La API con la PSD2, teóricamente la han libertado ahora. Estoy desde hace un mes pidiendo que me la envíen, pero no hay forma. Toda la documentación online que hay, es antigua y pone «provisional» y no consigo que nadie me garantice que va a ser la definitiva, lo que quiere decir que pueden haber cambios. Al igual que no consigo que me activen la nueva API en el terminal de pruebas para prepararlo.
Al final, la PSD2 sólo afecta al tema de las tokenizaciones, ya que todo lo demás se encargan directamente ellos, y en principio, no debería ser un gran trabajo adaptarlo.
Cuando consiga que me pasen la documentación definitiva, realizaré la adaptación, y seguramente no tardaré mucho. En estos momentos Redsys dará soporte a funcionar sin la PSD2 hasta noviembre (cómo mínimo), pero alguno dicen que lo van a alargar ya que es muy mala fecha por el tema de las fiestas navideñas.
Saludos
Hola Jose,
gracias por la informacion.
Yo queria consultarte si este plugin permite pago recurrentes usando redsys. Es decir, capturar los datos del cliente junto al token, y mes a mes hacer el envio via webservice de los datos del cliente a debitar la tarjeta.
Todo esto lo administra wordpress-subcriptions-redsys?
gracias!!!
Hola,
Si, la versión premium lo hace, necesitando el plugin WooCommerce Subscriptions.
Puedes ver todo lo que tiene en esta página https://plugins.joseconti.com/diferencias-entre-las-versions-de-redsys-para-woocommerce/
Saludos