Page MenuHomePhabricator

3DS needed on CarteBaincaire in France
Closed, ResolvedPublic

Assigned To
None
Authored By
EMartin
Jul 21 2022, 4:35 PM
Referenced Files
F35377851: image.png
Aug 1 2022, 7:12 PM
F35335821: image.png
Jul 25 2022, 3:12 PM
F35328693: image.png
Jul 21 2022, 4:52 PM
F35328684: image.png
Jul 21 2022, 4:35 PM
Tokens
"Like" token, awarded by spatton.

Description

FrTech, We are experiencing high payment declines on CarteBanciare in France due to authentication. Is it possible to add 3DS authentication on Carte Bancaire cards in France or perform 3DS in all of France to correct this? I attempted to set a rule to invoke 3DS through the Adyen console, but this did not seem to work. Please let me know what may be possible here given the new integration. Carte Bancaire rejects to give you an idea:

image.png (349×1 px, 55 KB)

Related Objects

StatusSubtypeAssignedTask
ResolvedNone
ResolvedNone

Event Timeline

I set rules in the Adyen console to try to address this by device type. Monitoring impact of these settings to see if they apply.

image.png (238×1 px, 47 KB)

Hi @EMartin and @TSkaff

I picked up @TSkaff 's message on IRC and have enabled 3DS in France for payments made in Euro.

We don't currently support the option to switch on 3DS for targetted payment submethods, e.g. Cartes Bancaires, so this change will take effect across all Visa, Mastercard, Amex and Cartes Bancaires payments made from France using Euro as the currency. We could add support for more granular controls, but at the moment, I can't see a way to do it with the code we have.

Let me know if this broader change is ok. If not, we can roll it back before the email send on Monday.

Thanks!

@jgleeson Thanks for the after hours response, Jack. Since we have to enable 3DS on everything vs nothing, I think everything should get a better result with it on. It's hard to say without testing so I say we proceed with the campaign with it on and see how we fare. It should hopefully help Carte Bancaire which has the biggest share in this market. @nisrael I think we are in the best place to proceed with email 2 now.

The 3DS refusals are still happening on Carte Bancaire cards, I'm afraid. The refusals are everywhere on the front and weekend transaction pages of Adyen, and in calls for help from donors in the Zendesk queue.

France Email 2 is in 8 hours. Does anyone have the authority here to pull that pin. I strongly suggest we do. I realise it is Monday here, but Sunday everywhere else so key players may not read this in time.

@KHancock99 Hi Kris, I asked folks on Slack if they could cancel the sends (if they see this in time) but could you be specific about what you're seeing ... since Jack has enabled 3DS on everything, where could the refusals be coming from?

Hi @TSkaff it is the same error message at Adyen as last week on Carte Bancaire cards: "A1 : Authentication Required", and only on Carte Bancaire cards.

I guess we really need @EMartin to really look at the numbers of payment declines over the last 48 hours to deem if the pause is worthy, but my gut says it is.

I'm not sure if this helps, but I just did a manual count through the transaction pages at Adyen of the Authentication Required refusal codes via Carte Bancaire cards and it was around 348 refusals over the last 48 hours.

Hi all.

I can also see in the logs a large number of Carte Bancaire failures from Adyen coming back with the 'Authentication required' response.

Adyen is sending back refusal code 38 for these, which means 'The issuer declined the authentication exemption request and requires authentication for the transaction. Retry with 3D Secure.' according to https://docs.adyen.com/development-resources/refusal-reasons. However, we are sending over the flag to enable 3D Secure with Adyen payments, including Carte Bancaire so we should probably reach out to Adyen at this point.

I can see in the logs that Adyen payments from France are now being redirected to the 3D Secure challenge URL, and there are successful Carte Bancaire 3D secure payments, albeit only one!

Hi All, we are roughly at the same decline % since turning on 3DS. I have also set rules in the console to invoke 3DS which has been confirmed as valid by Adyen. I am inquiring further with Adyen as to why we are seeing such a high decline rate on Carte Bancaire and will advise further if they have any advice.

image.png (450×1 px, 36 KB)

@jgleeson Thanks Jack, I have added FRTech to the thread with Adyen concerning this matter and included your findings. Much appreciated.

@EMartin we have a fix that will start sending the browserInfo for all Adyen card payments in countries/currencies configured for 3DS, without checking the card type. For FR/EUR that should be fine, as EUR has the mandate for all cards to support it.

Before we deploy, I'm just waiting for confirmation from Adyen that we won't cause problems in other places by sending the browserInfo even for card types not known to support 3DS.

Reply from Adyen:
"Indeed, always sending browserInfo is definitely recommended. And is the default of what merchants are doing. Let me know if you have any questions on this."

Hi @EMartin, we have just deployed that fix for the problem that @jgleeson found, removing the check on brand/card type. This should make sure browserInfo is sent for all EUR transactions in France.

Our logic still relies on keeping our local list of 3DS countries/currencies in sync with the Adyen console list, so please let us know when you want to turn it on for other countries.

@jgleeson @Ejegg Great news both! We will monitor France activity and ensure we are good to go with the campaign. Your attention here is much appreciated!! @RKumar_WMF fyi

Unfortunately this doesn't seem to be an issue of the past: we've seen donors reporting errors since the email send an hour ago, and 800 declines all Carte Bancaire.

If fr-tech cannot find an issue our end, should we assume that this is the new normal given the rollout of 3DS there?

FYI @EMartin @RKumar_WMF @TSkaff

I ran a report and do see 350+ Carte Bancaire transactions in Refused status in the Adyen console. The reason code is Acquirer response
3D Not Authenticated (3d-secure 2: Authentication failed).

spatton triaged this task as Unbreak Now! priority.Jul 28 2022, 9:20 PM
spatton added a subscriber: spatton.

I know @EMartin, @TSkaff, @greg, @jgleeson and others are looking at this super actively; I am triaging it as Unbreak Now because it is significantly impacting our ability to send our emails and convert donors over in Online Fundraising.

@spatton Sam, Adyen is saying our declines are legitimate 3DS declines and are wanting to change some settings on our account to see if that improves the situation. I'm learning about the implications of those changes now. Adyen is not reporting further bugs on our end so at the present time there doesn't seem to be anything FRTech can do here. I'll understand these settings, get them implemented and we can watch the results. I think that's our best option for now.

@Adyen is changing the settings on our account (on 28 July), to retry declined 3DS transactions without 3DS to see if we get a lift in approval rates on Carte Bancaire. We will monitor this for a day or two and assess if approval rates improve.

Note to the Phab: Adyen confirms that the setting to retry is in place now to retry 3DS declines WITHOUT 3DS to see if we can get an approval on the transaction. 5:05pm 28 July. Evelyn&team to monitor @RKumar_WMF Please note whether we see improvement on trxs after this time. Things will still decline but do we see them later approved?

29th July 5 pm PST (0:00 UTC) 13:30pm India time (8:00 am UTC)
Total transactions received: 828
Authorized/Settled: 589
Auth rate: 71%
Total Rejections: 239
Rejection rate: 29%
3d-secure 2: Authentication failed: 196 (82% of total rejections)

I do not see any improvement in the auth rate for Carte Bancaire as of now.

Just a little update with some of the qualitative feedback we've seen from donors since inviting the ones who had failed since Friday to retry en masse on Weds:

While prior to the Weds fix the 3DS error message we were seeing was ‘⚪ Authentication required (A1 : Authentication Required),’ the error message we’re seeing now is ‘🔴 3D Not Authenticated (3d-secure 2: Authentication failed).’ (ZD. 1143020, 1142986, 1142987). This indicates that donations are now going through the 3D Secure authentication system (but are still returning refusals in these cases, for whatever reason).

Some donors (1142295) were able to retry their donation after the initial refusal and received an approval status.
Other donors (1143020) have said they’d reached out to the bank to authorize the transaction, and are still getting a refusal
One donor (1142287) said they verified by SMS and got a “approved” message, but on our side, the transaction declined.

It's a really mixed bag.

Let me know if you want transaction IDs for the above. It's just a handful, so probably not, but thought it could be useful to see how hit and miss this appears to be.

I have confirmed that Adyen is retrying on the VI/MC networks. Watching results over the next couple of days.

Hi...! Thanks so much, everyone! Following the e-mail thread on this with Adyen, it looks like there may have been a technical issue with the Cartes Bancaires network, and Adyen's switch most processing over to MC/Visa fixed things? In any case, I'll can still keep an eye on this for confirmation on our end... :)

Yes, the results are looking promising so far using Vi/MC. We'll be monitoring it over the weekend.

Note: This is still an issue as we do not know what was causing the CarteBancaire declines on that network. We have rerouted traffic to process on the VI/MC network FIRST but that doesn't solve the issue where we saw 30+% declines for authentication on CarteBancaire. It could be that CB network has more rigorous fraud rules and is turning more transactions away. Adyen is saying our declines on CB were legitimate, however, when processed as VI/MC we aren't seeing the declines. I'm waiting on more info from Adyen on this. I did read on various Payment industry blogs to try the VI/MC first approach and that seems to be working. There may not be anything to fix, just issuers in France being more stringent. I'll post what I learn here.

greg lowered the priority of this task from Unbreak Now! to Medium.Aug 1 2022, 6:23 PM

(Moving priority down to Medium from UBN! until we learn more. Thanks!)

hi @EMartin. Thanks for the update.

I'm wondering now if we needed to enable 3DS-by-default at all, now that we're processing through Vi/MC. I guess it's better from an antifraud perspective but potentially worse when trying to measure the success of new campaigns and emails, as the additional drop-off due to 3DS might distort any analytics afterwards.

Hi Jack, 3DS is currently not enabled on VI/MC in France from what I'm seeing in the console, correct? If so, I say we leave it as is. We are seeing high approval rates on those networks with our current config.

image.png (234×675 px, 26 KB)

Hi Jack, 3DS is currently not enabled on VI/MC in France from what I'm seeing in the console, correct? If so, I say we leave it as is. We are seeing high approval rates on those networks with our current config.

image.png (234×675 px, 26 KB)

Wait, so are we just seeing higher auth rates because 3DS is effectively off now? Would you expect to see the same increase in auth rates by turning off 3DS for Carte Bancaire?

We had 3DS both active and inactive on the Carte Bancaire network. Both showed high failures. We moved to VI/MC network and we see 95% approvals now. I note in a spot check of multiple transactions that 3DS does not seem to be on (Jack please confirm). We are seeing solid results using the VI/MC network in France now. I'm still working with Adyen to understand what the challenge is w/ CB's network.

I note in a spot check of multiple transactions that 3DS does not seem to be on [...] please confirm.

Hi! Thanks for all this... :) So perhaps the first thing to verify here would be that 3DS is or was on in the Adyen console for the countries and currencies those transactions are in? We haven't changed the 3DS settings on our end. So we're still sending all the fields needed for 3DS for Euros in France. Thus, whether or not 3DS is actually invoked for those transactions should depend only console settings, I think.

Hope this helps! :)

XenoRyet set Final Story Points to 1.

Note to Phab on this issue: Discussion with Adyen and FRTech today. Their advice is to send the parameters to perform 3DS and Adyen will selectively invoke 3DS on the Carte Bancaire network if it is required by issuer. We DID start sending the parameters as of 25 July but still saw declines on Carte Bancaire. Action: Matt, our Account Manager to circle back with Adyen product or Carte Bancaire to explore causes further. Adyen confirms that no other merchant is seeing the extent of the declines that we were so something is still awry. For now we can process on VI/MC and the CB bugged only cards will process through CB, so no lost transactions. Not currently mission critical, but needs sorting. Evelyn to pursue with Matt in weekly calls. On the Payments Adyen tracker and I will update here if I learn anything further.