Mastercard is introducing a new cryptogram to be used in Secure Element and Mastercard Cloud-based Payments (MCBP) token transactions. The new cryptogram will support the Strong Customer Authentication (SCA) requirements mandated by the European PSD2 regulation, which includes dynamically linking the transaction to an amount and a specific merchant for remote commerce transactions.
What does the change mean?
This dynamic linking verification process will compare the amount and merchant on both the authorization request and the cryptographic data through the following methods:
- A comparison between the amount in the payment authorization request, and the amount agreed to be paid by the consumer during the checkout process as captured in the cryptogram.
- A comparison between the Remote Commerce Acceptor Identifier, or merchant, in the authorization request, as well as the one agreed to be paid to by the consumer during the checkout process as captured in the cryptogram.
- An indication of whether SCA was or wasn’t delegated by the issuer, and performed by the consumer on the device at the time of transaction as captured in the cryptogram.
How will this affect you?
Merchants are required to support and submit the new cryptogram type and the identifier such as the merchant business website URL or reverse domain name. Payvision will update the technical integration documentation with these fields accordingly.
June 9, 2020