{"title":"Credit Card Security Guidelines","category":"default","creationDate":1676995080,"content":"<p>The Credit Transaction Security Council of Japan announced that all online credit card payments in Japan will require <a href=\"\/pt\/get-started-with-adyen\/adyen-glossary\/#strong-customer-authentication-sca\">Strong Customer Authentication<\/a> (SCA) for credit cards processed over Japan acquiring connections, effective <strong>April 01, 2025<\/strong>. This means that all transactions that fall under the scope of the regulation must be authenticated with 3D Secure.<\/p>\n<p>The information we provide in this guide can help you prepare for complying with regulations in Japan. However, the information here should not be taken as legal advice. This guide supplements the following sources:<\/p>\n<ul>\n<li>Regulatory guidance provided by official domestic authorities.<\/li>\n<li>Card scheme regulations.<\/li>\n<li>EMVCo specifications for the 3D Secure 2 protocol.<\/li>\n<\/ul>\n<h2>Credit Card Security Guidelines 5.0<\/h2>\n<p>The guidelines have implications for <a href=\"#online-payments\">online<\/a> and <a href=\"#in-person\">in-person<\/a> payments.<\/p>\n<h3 id=\"online-payments\">Online payments<\/h3>\n<p>All merchants that process online credit card payments in Japan must implement <a href=\"\/pt\/online-payments\/3d-secure-for-regulation-compliance\/\">3D Secure 2 authentication for regulation compliance<\/a> in their online payments flow, according to the <a href=\"https:\/\/www.j-credit.or.jp\/security\/document\/index.html#EMV3DS\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" class=\"external-link no-image\">Credit Card Security Guidelines 5.0<\/a>(Japanese).<\/p>\n<p>The regulation aims to reduce card fraud in digital transactions and prevent fraudulent use of credit card information, and applies to payments with credit cards issued in and outside of Japan. According to the guidelines, all online credit card payments require 3D Secure 2 authentication, except <a href=\"#out-of-scope\">out-of-scope<\/a> transactions.<\/p>\n<h3 id=\"in-person-payments\">In-person payments<\/h3>\n<p>If you have an in-person payments integration, the following will apply:<\/p>\n<ul>\n<li>You can no longer <a href=\"\/pt\/point-of-sale\/add-data\/tender-options\/#tender-options-saletoacquirerdata\">bypass PIN entry<\/a>.<\/li>\n<li><a href=\"\/pt\/point-of-sale\/shopper-engagement\/shopper-input\/signature\/\">Obtaining a signature<\/a> will no longer be a valid cardholder verification method.<\/li>\n<\/ul>\n<p><a href=\"\/pt\/point-of-sale\/\">In-person payments<\/a> integrations with Adyen remain compliant, and you do not need to take any action.<\/p>\n<h2 id=\"in-scope\">In-scope transactions<\/h2>\n<p>All online credit card payments that do not meet the <a href=\"#out-of-scope\">out-of-scope<\/a> criteria are in-scope and require 3D Secure 2 authentication.<\/p>\n<p>If you <a href=\"#implement-3ds-with-adyen\">implement 3D Secure 2 with Adyen<\/a>, our Authentication Engine is enabled by default and handles compliance for you. We determine the transactions that fall under the scope of the regulation and trigger 3D Secure 2 for in-scope transactions.<\/p>\n<p>If you process <a href=\"\/pt\/online-payments\/tokenization#recurring-payment-types\">recurring payments<\/a>, some transactions are in-scope. Whether a transaction is in-scope depends on the recurring payment type and moment:<\/p>\n\n<div id=\"tabEwv2Z\">\n    <div data-component-wrapper=\"tabs\">\n        <tabs\n                        :items=\"[{&quot;title&quot;:&quot;One-off payments&quot;,&quot;content&quot;:&quot;\\n&lt;p&gt;One-off transactions where a shopper can either store their payment details or pay in your website or app at a later time using their saved details.&lt;\\\/p&gt;\\n&lt;table&gt;\\n&lt;thead&gt;\\n&lt;tr&gt;\\n&lt;th style=\\&quot;text-align: left;\\&quot;&gt;&lt;\\\/th&gt;\\n&lt;th style=\\&quot;text-align: left;\\&quot;&gt;SCA required?&lt;\\\/th&gt;\\n&lt;th style=\\&quot;text-align: left;\\&quot;&gt;&lt;code&gt;recurringProcessingModel&lt;\\\/code&gt;&lt;\\\/th&gt;\\n&lt;th style=\\&quot;text-align: left;\\&quot;&gt;&lt;code&gt;shopperInteraction&lt;\\\/code&gt;&lt;\\\/th&gt;\\n&lt;\\\/tr&gt;\\n&lt;\\\/thead&gt;\\n&lt;tbody&gt;\\n&lt;tr&gt;\\n&lt;td style=\\&quot;text-align: left;\\&quot;&gt;Initial payment&lt;\\\/td&gt;\\n&lt;td style=\\&quot;text-align: left;\\&quot;&gt;&lt;img title=\\&quot;-white_check_mark-\\&quot; alt=\\&quot;-white_check_mark-\\&quot; class=\\&quot;smileys\\&quot; src=\\&quot;\\\/user\\\/data\\\/smileys\\\/emoji\\\/white_check_mark.png\\&quot; \\\/&gt; &lt;br&gt;&lt;a href=\\&quot;#engine\\&quot;&gt;See exemptions&lt;\\\/a&gt;&lt;\\\/td&gt;\\n&lt;td style=\\&quot;text-align: left;\\&quot;&gt;&lt;strong&gt;CardOnFile&lt;\\\/strong&gt;&lt;\\\/td&gt;\\n&lt;td style=\\&quot;text-align: left;\\&quot;&gt;&lt;strong&gt;Ecommerce&lt;\\\/strong&gt;&lt;\\\/td&gt;\\n&lt;\\\/tr&gt;\\n&lt;tr&gt;\\n&lt;td style=\\&quot;text-align: left;\\&quot;&gt;Later payment(s)&lt;\\\/td&gt;\\n&lt;td style=\\&quot;text-align: left;\\&quot;&gt;&lt;a href=\\&quot;#engine\\&quot;&gt;Only in some cases&lt;\\\/a&gt;&lt;\\\/td&gt;\\n&lt;td style=\\&quot;text-align: left;\\&quot;&gt;&lt;strong&gt;CardOnFile&lt;\\\/strong&gt;&lt;\\\/td&gt;\\n&lt;td style=\\&quot;text-align: left;\\&quot;&gt;&lt;strong&gt;ContAuth&lt;\\\/strong&gt;&lt;\\\/td&gt;\\n&lt;\\\/tr&gt;\\n&lt;\\\/tbody&gt;\\n&lt;\\\/table&gt;\\n&lt;p&gt;&lt;a id=\\&quot;engine\\&quot;&gt;&lt;\\\/a&gt;&lt;\\\/p&gt;\\n&lt;h3&gt;Risk-based authentication&lt;\\\/h3&gt;\\n&lt;p&gt;Adyen can exempt &lt;strong&gt;CardOnFile&lt;\\\/strong&gt; transactions from strong customer authentication (SCA) based on our risk assessment powered by machine learning. Our Authentication Engine helps decide when 3D Secure 2 is required and when it is optional.&lt;\\\/p&gt;\\n&lt;p&gt;SCA is not required for the following transactions:&lt;\\\/p&gt;\\n&lt;ul&gt;\\n&lt;li&gt;Any initial &lt;a href=\\&quot;\\\/pt\\\/get-started-with-adyen\\\/adyen-glossary\\\/#zero-value-auth\\&quot;&gt;zero-auth transaction&lt;\\\/a&gt; (&lt;strong&gt;Ecommerce&lt;\\\/strong&gt;, &lt;strong&gt;CardOnFile&lt;\\\/strong&gt;) that Adyen has classified as low risk.&lt;\\\/li&gt;\\n&lt;li&gt;Any later payment (&lt;strong&gt;ContAuth&lt;\\\/strong&gt;, &lt;strong&gt;CardOnFile&lt;\\\/strong&gt;) that uses a token that was previously authenticated, that Adyen has classified as low risk, and you tokenize cards with Adyen.&lt;\\\/li&gt;\\n&lt;li&gt;The transaction uses a token that was created before 1 April 2025. These transactions are considered out of scope of the regulation.&lt;\\\/li&gt;\\n&lt;\\\/ul&gt;\\n&lt;p&gt;For these transactions, Adyen will use your &lt;a href=\\&quot;#implement-3ds-with-adyen\\&quot;&gt;preference for 3D Secure 2&lt;\\\/a&gt; to determine whether to request SCA.&lt;\\\/p&gt;\\n&lt;p&gt;SCA is required for one-off transactions with a value higher than zero, payments with tokens that were not previously authenticated, and high-risk transactions.&lt;\\\/p&gt;\\n&quot;,&quot;altTitle&quot;:null,&quot;oldTabId&quot;:&quot;one-off_payments_0_1&quot;,&quot;relation&quot;:&quot;&quot;},{&quot;title&quot;:&quot;Subscriptions&quot;,&quot;content&quot;:&quot;\\n&lt;p&gt;A recurring transaction made at regular intervals for a product or a service.&lt;\\\/p&gt;\\n&lt;table&gt;\\n&lt;thead&gt;\\n&lt;tr&gt;\\n&lt;th style=\\&quot;text-align: left;\\&quot;&gt;&lt;\\\/th&gt;\\n&lt;th style=\\&quot;text-align: left;\\&quot;&gt;SCA required?&lt;\\\/th&gt;\\n&lt;th style=\\&quot;text-align: left;\\&quot;&gt;&lt;code&gt;recurringProcessingModel&lt;\\\/code&gt;&lt;\\\/th&gt;\\n&lt;th style=\\&quot;text-align: left;\\&quot;&gt;&lt;code&gt;shopperInteraction&lt;\\\/code&gt;&lt;\\\/th&gt;\\n&lt;\\\/tr&gt;\\n&lt;\\\/thead&gt;\\n&lt;tbody&gt;\\n&lt;tr&gt;\\n&lt;td style=\\&quot;text-align: left;\\&quot;&gt;Initial payment&lt;\\\/td&gt;\\n&lt;td style=\\&quot;text-align: left;\\&quot;&gt;&lt;img title=\\&quot;-white_check_mark-\\&quot; alt=\\&quot;-white_check_mark-\\&quot; class=\\&quot;smileys\\&quot; src=\\&quot;\\\/user\\\/data\\\/smileys\\\/emoji\\\/white_check_mark.png\\&quot; \\\/&gt;&lt;\\\/td&gt;\\n&lt;td style=\\&quot;text-align: left;\\&quot;&gt;&lt;strong&gt;Subscription&lt;\\\/strong&gt;&lt;\\\/td&gt;\\n&lt;td style=\\&quot;text-align: left;\\&quot;&gt;&lt;strong&gt;Ecommerce&lt;\\\/strong&gt;&lt;\\\/td&gt;\\n&lt;\\\/tr&gt;\\n&lt;tr&gt;\\n&lt;td style=\\&quot;text-align: left;\\&quot;&gt;Later payment(s)&lt;\\\/td&gt;\\n&lt;td style=\\&quot;text-align: left;\\&quot;&gt;Only required when the shopper &lt;br&gt; agreement&#039;s terms change.&lt;\\\/td&gt;\\n&lt;td style=\\&quot;text-align: left;\\&quot;&gt;&lt;strong&gt;Subscription&lt;\\\/strong&gt;&lt;\\\/td&gt;\\n&lt;td style=\\&quot;text-align: left;\\&quot;&gt;&lt;strong&gt;ContAuth&lt;\\\/strong&gt;&lt;\\\/td&gt;\\n&lt;\\\/tr&gt;\\n&lt;\\\/tbody&gt;\\n&lt;\\\/table&gt;\\n&quot;,&quot;altTitle&quot;:null,&quot;oldTabId&quot;:&quot;subscriptions_1_2&quot;,&quot;relation&quot;:&quot;&quot;},{&quot;title&quot;:&quot;Automatic top-ups and other non-fixed schedule contracts&quot;,&quot;content&quot;:&quot;\\n&lt;p&gt;Contracts that occur on a non-fixed schedule using stored card details. This includes automatic top-ups when the cardholder&#039;s balance drops below a certain amount.&lt;\\\/p&gt;\\n&lt;table&gt;\\n&lt;thead&gt;\\n&lt;tr&gt;\\n&lt;th style=\\&quot;text-align: left;\\&quot;&gt;&lt;\\\/th&gt;\\n&lt;th style=\\&quot;text-align: left;\\&quot;&gt;SCA required?&lt;\\\/th&gt;\\n&lt;th style=\\&quot;text-align: left;\\&quot;&gt;&lt;code&gt;recurringProcessingModel&lt;\\\/code&gt;&lt;\\\/th&gt;\\n&lt;th style=\\&quot;text-align: left;\\&quot;&gt;&lt;code&gt;shopperInteraction&lt;\\\/code&gt;&lt;\\\/th&gt;\\n&lt;\\\/tr&gt;\\n&lt;\\\/thead&gt;\\n&lt;tbody&gt;\\n&lt;tr&gt;\\n&lt;td style=\\&quot;text-align: left;\\&quot;&gt;Initial payment&lt;\\\/td&gt;\\n&lt;td style=\\&quot;text-align: left;\\&quot;&gt;&lt;img title=\\&quot;-white_check_mark-\\&quot; alt=\\&quot;-white_check_mark-\\&quot; class=\\&quot;smileys\\&quot; src=\\&quot;\\\/user\\\/data\\\/smileys\\\/emoji\\\/white_check_mark.png\\&quot; \\\/&gt;&lt;\\\/td&gt;\\n&lt;td style=\\&quot;text-align: left;\\&quot;&gt;&lt;strong&gt;UnscheduledCardOnFile&lt;\\\/strong&gt;&lt;\\\/td&gt;\\n&lt;td style=\\&quot;text-align: left;\\&quot;&gt;&lt;strong&gt;Ecommerce&lt;\\\/strong&gt;&lt;\\\/td&gt;\\n&lt;\\\/tr&gt;\\n&lt;tr&gt;\\n&lt;td style=\\&quot;text-align: left;\\&quot;&gt;Later payment(s)&lt;\\\/td&gt;\\n&lt;td style=\\&quot;text-align: left;\\&quot;&gt;Only required when the shopper &lt;br&gt; agreement&#039;s terms change.&lt;\\\/td&gt;\\n&lt;td style=\\&quot;text-align: left;\\&quot;&gt;&lt;strong&gt;UnscheduledCardOnFile&lt;\\\/strong&gt;&lt;\\\/td&gt;\\n&lt;td style=\\&quot;text-align: left;\\&quot;&gt;&lt;strong&gt;ContAuth&lt;\\\/strong&gt;&lt;\\\/td&gt;\\n&lt;\\\/tr&gt;\\n&lt;\\\/tbody&gt;\\n&lt;\\\/table&gt;\\n&quot;,&quot;altTitle&quot;:null,&quot;oldTabId&quot;:&quot;automatic_top-ups_and_other_non-fixed_schedule_contracts_2_3&quot;,&quot;relation&quot;:&quot;&quot;}]\"\n            :should-update-when-url-changes='false'>\n        <\/tabs>\n    <\/div>\n<\/div>\n\n<h2 id=\"out-of-scope\">Out-of-scope transactions<\/h2>\n<p>The following types of transactions are out-of-scope:<\/p>\n<ul>\n<li>Transactions made with prepaid and debit cards.<\/li>\n<li>Transactions initiated from devices that do not support 3D Secure, such as game consoles or smart speakers.<\/li>\n<li><a href=\"\/pt\/get-started-with-adyen\/adyen-glossary\/#mail-ordertelephone-order-moto\">MOTO<\/a> transactions.<\/li>\n<li>A recurring payment that happens under the same shopper agreement with the same card, such as a <a href=\"\/pt\/online-payments\/tokenization\/#recurring-payment-types\">subscription payment<\/a>.<\/li>\n<li>Transactions that occur in separate environments for business to business or internal employee purchases. <\/li>\n<li>All transactions where the shopper uses <a href=\"\/pt\/payment-methods\/google-pay\">Google Pay<\/a> or <a href=\"\/pt\/payment-methods\/apple-pay\">Apple Pay<\/a> to complete the payment.<\/li>\n<\/ul>\n<p>When you <a href=\"#implement-3ds-with-adyen\">implement 3D Secure 2 with Adyen<\/a>, we will not trigger 3D Secure for out-of-scope transactions.<\/p>\n<h2 id=\"implement-3ds-with-adyen\">Implement 3D Secure 2 with Adyen<\/h2>\n<p>To comply with the regulation, we recommend that you <a href=\"\/pt\/online-payments\/3d-secure\/\">implement 3D Secure 2 authentication with Adyen<\/a>. We determine whether the payment requires 3D Secure authentication, and ensure that you stay compliant by always applying 3D Secure if the transaction falls under the scope of the regulation.<\/p>\n<div class=\"notices yellow\">\n<p>If you do not implement 3D Secure 2 with Adyen, it is your responsibility to ensure that all online credit card payments that you request to process with Adyen are authenticated with 3D Secure 2. <a href=\"\/pt\/online-payments\/3d-secure\/other-3ds-flows\/authorize-mpidata\/#make-a-payment-with-third-party-authentication-data\">Send the third-party authentication data<\/a> in your payment request to Adyen.<\/p>\n<\/div>\n<p>Use one of the following compliant integrations:<\/p>\n<table>\n<thead>\n<tr>\n<th>Integration type<\/th>\n<th>Description<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td><a href=\"https:\/\/github.com\/Adyen\/#online-payments\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" class=\"external-link no-image\">Drop-in\/Components<\/a><\/td>\n<td>Pre-built UI elements available for Web, Android, iOS, React Native, and Flutter.<\/td>\n<\/tr>\n<tr>\n<td>Hosted Checkout<\/td>\n<td>Quick-to-integrate Adyen-hosted webpage solution.<\/td>\n<\/tr>\n<tr>\n<td>Plugins<\/td>\n<td>Adyen payments plugins for Adobe Commerce (formerly Magento 2), Salesforce Commerce Cloud, Shopware 5 and 6, Prestashop, SAP Commerce (Hybris), and Oracle Commerce Cloud.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>After you have set up one of the compliant 3D Secure 2 solutions, you can:<\/p>\n<ul>\n<li><strong>Let Adyen handle compliance by default<\/strong>: Adyen applies 3D Secure 2 when the transaction falls under the scope of the regulation. To mitigate any effects on conversion, we will not trigger 3D Secure for <a href=\"#out-of-scope\">out-of-scope<\/a> transactions. To make sure Adyen can handle the 3D Secure routing for you, make sure that:\n<ul>\n<li>Your <a href=\"\/pt\/risk-management\/dynamic-3d-secure\/#default-rules\">default Dynamic 3D Secure rule<\/a> is set to <strong>Prefer Not<\/strong>.<\/li>\n<li>You do not override the platform logic and block 3D Secure in your API requests by including:\n<ul>\n<li>Checkout API v69 or later:  <a href=\"https:\/\/docs.adyen.com\/api-explorer\/Checkout\/latest\/post\/payments#request-authenticationData-attemptAuthentication\" class=\"codeLabel  external-link no-image\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">authenticationData.attemptAuthentication<\/a>:<strong>never<\/strong><\/li>\n<li>Checkout API v68 or earlier:  <a href=\"https:\/\/docs.adyen.com\/api-explorer\/Checkout\/latest\/post\/payments#request-additionalData-AdditionalData3DSecure-executeThreeD\" class=\"codeLabel  external-link no-image\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">executeThreeD<\/a>: <strong>false<\/strong><\/li>\n<\/ul><\/li>\n<\/ul><\/li>\n<li><strong>Configure rules using Dynamic 3D Secure<\/strong>: Define additional conditions for transactions that you want to apply 3D Secure authentication on. For more information, refer to <a href=\"\/pt\/risk-management\/dynamic-3d-secure\/\">Dynamic 3D Secure<\/a>.<\/li>\n<li>\n<p><strong>Submit your preference for each transaction in your API request<\/strong>: Specify in each payment request whether you want to perform 3D Secure authentication on this transaction, by including:<\/p>\n<ul>\n<li><code>authenticationData.attemptAuthentication<\/code>:  Set to <strong>always<\/strong> if you want to perform 3D Secure authentication on this transaction, <strong>never<\/strong> if not. We do not recommend setting it to <strong>never<\/strong>.<\/li>\n<\/ul>\n<div class=\"sc-notice warning\"><div>\n<p>We recommend to submit preference in API requests only if you have extensive knowledge of the Credit Card Security Guidelines and the 3D Secure protocol, because this overrides our default 3D Secure 2 handling logic and may result in non-compliance and harm overall performance in regulated markets.<\/p>\n<\/div><\/div>\n<\/li>\n<\/ul>\n","url":"https:\/\/docs.adyen.com\/pt\/industries\/markets\/japan\/credit-card-security-guidelines-compliance-guide","articleFields":{"description":"Learn about the Credit Card Security Guidelines 5.0 in Japan.","parameters":{"sca-one-off":"true"},"last_edit_on":"21-02-2023 16:58","feedback_component":true,"page_id":"d663e77a-bf3b-48c9-950c-0ddf3139f586","filters_component":false,"decision_tree":"[]"},"algolia":{"url":"https:\/\/docs.adyen.com\/pt\/industries\/markets\/japan\/credit-card-security-guidelines-compliance-guide","title":"Credit Card Security Guidelines","content":"The Credit Transaction Security Council of Japan announced that all online credit card payments in Japan will require Strong Customer Authentication (SCA) for credit cards processed over Japan acquiring connections, effective April 01, 2025. This means that all transactions that fall under the scope of the regulation must be authenticated with 3D Secure.\nThe information we provide in this guide can help you prepare for complying with regulations in Japan. However, the information here should not be taken as legal advice. This guide supplements the following sources:\n\nRegulatory guidance provided by official domestic authorities.\nCard scheme regulations.\nEMVCo specifications for the 3D Secure 2 protocol.\n\nCredit Card Security Guidelines 5.0\nThe guidelines have implications for online and in-person payments.\nOnline payments\nAll merchants that process online credit card payments in Japan must implement 3D Secure 2 authentication for regulation compliance in their online payments flow, according to the Credit Card Security Guidelines 5.0(Japanese).\nThe regulation aims to reduce card fraud in digital transactions and prevent fraudulent use of credit card information, and applies to payments with credit cards issued in and outside of Japan. According to the guidelines, all online credit card payments require 3D Secure 2 authentication, except out-of-scope transactions.\nIn-person payments\nIf you have an in-person payments integration, the following will apply:\n\nYou can no longer bypass PIN entry.\nObtaining a signature will no longer be a valid cardholder verification method.\n\nIn-person payments integrations with Adyen remain compliant, and you do not need to take any action.\nIn-scope transactions\nAll online credit card payments that do not meet the out-of-scope criteria are in-scope and require 3D Secure 2 authentication.\nIf you implement 3D Secure 2 with Adyen, our Authentication Engine is enabled by default and handles compliance for you. We determine the transactions that fall under the scope of the regulation and trigger 3D Secure 2 for in-scope transactions.\nIf you process recurring payments, some transactions are in-scope. Whether a transaction is in-scope depends on the recurring payment type and moment:\n\n\n    \n        \n        \n    \n\n\nOut-of-scope transactions\nThe following types of transactions are out-of-scope:\n\nTransactions made with prepaid and debit cards.\nTransactions initiated from devices that do not support 3D Secure, such as game consoles or smart speakers.\nMOTO transactions.\nA recurring payment that happens under the same shopper agreement with the same card, such as a subscription payment.\nTransactions that occur in separate environments for business to business or internal employee purchases. \nAll transactions where the shopper uses Google Pay or Apple Pay to complete the payment.\n\nWhen you implement 3D Secure 2 with Adyen, we will not trigger 3D Secure for out-of-scope transactions.\nImplement 3D Secure 2 with Adyen\nTo comply with the regulation, we recommend that you implement 3D Secure 2 authentication with Adyen. We determine whether the payment requires 3D Secure authentication, and ensure that you stay compliant by always applying 3D Secure if the transaction falls under the scope of the regulation.\n\nIf you do not implement 3D Secure 2 with Adyen, it is your responsibility to ensure that all online credit card payments that you request to process with Adyen are authenticated with 3D Secure 2. Send the third-party authentication data in your payment request to Adyen.\n\nUse one of the following compliant integrations:\n\n\n\nIntegration type\nDescription\n\n\n\n\nDrop-in\/Components\nPre-built UI elements available for Web, Android, iOS, React Native, and Flutter.\n\n\nHosted Checkout\nQuick-to-integrate Adyen-hosted webpage solution.\n\n\nPlugins\nAdyen payments plugins for Adobe Commerce (formerly Magento 2), Salesforce Commerce Cloud, Shopware 5 and 6, Prestashop, SAP Commerce (Hybris), and Oracle Commerce Cloud.\n\n\n\nAfter you have set up one of the compliant 3D Secure 2 solutions, you can:\n\nLet Adyen handle compliance by default: Adyen applies 3D Secure 2 when the transaction falls under the scope of the regulation. To mitigate any effects on conversion, we will not trigger 3D Secure for out-of-scope transactions. To make sure Adyen can handle the 3D Secure routing for you, make sure that:\n\nYour default Dynamic 3D Secure rule is set to Prefer Not.\nYou do not override the platform logic and block 3D Secure in your API requests by including:\n\nCheckout API v69 or later:  authenticationData.attemptAuthentication:never\nCheckout API v68 or earlier:  executeThreeD: false\n\n\nConfigure rules using Dynamic 3D Secure: Define additional conditions for transactions that you want to apply 3D Secure authentication on. For more information, refer to Dynamic 3D Secure.\n\nSubmit your preference for each transaction in your API request: Specify in each payment request whether you want to perform 3D Secure authentication on this transaction, by including:\n\nauthenticationData.attemptAuthentication:  Set to always if you want to perform 3D Secure authentication on this transaction, never if not. We do not recommend setting it to never.\n\n\nWe recommend to submit preference in API requests only if you have extensive knowledge of the Credit Card Security Guidelines and the 3D Secure protocol, because this overrides our default 3D Secure 2 handling logic and may result in non-compliance and harm overall performance in regulated markets.\n\n\n\n","type":"page","locale":"pt","boost":16,"hierarchy":{"lvl0":"Home","lvl1":"Industries and markets","lvl2":"Markets","lvl3":"Compliant payments in Japan","lvl4":"Credit Card Security Guidelines"},"hierarchy_url":{"lvl0":"https:\/\/docs.adyen.com\/pt","lvl1":"https:\/\/docs.adyen.com\/pt\/industries","lvl2":"https:\/\/docs.adyen.com\/pt\/industries\/markets","lvl3":"https:\/\/docs.adyen.com\/pt\/industries\/markets\/japan","lvl4":"\/pt\/industries\/markets\/japan\/credit-card-security-guidelines-compliance-guide"},"levels":5,"category":"","category_color":"","tags":["Credit","Security","Guidelines"]}}