Last Updated: 04-07-19
In preparation for the EU Payment Service Directive 2 (PSD2) and related Strong Customer Authentication (SCA) requirements effective from 14th September 2019, British Airways has been implementing 3-D Secure 1.0 capability into its NDC 17.2 APIs.
Currently, British Airways is developing 3-D Secure version 1.0 in their 17.2 NDC APIs through OrderCreateRQ and OrderChangeRQ. Please be advised that those two affected APIs will have new end-points ( OrderCreate/api/V2 and OrderChange/api/V2 ). In the current 17.2 schema flow, which only supports 3-D Secure 1.0, the authentication is initiated and performed using British Airways’ Payment Service Provider (PSP) technology.
Following the communication from March 2019, please be reminded that British Airways will be disabling card payment functionality on 16.1 and earlier NDC API schema versions.
British Airways is proactively working with IATA to ensure timely delivery of 3-D Secure version 2.0 and higher (EMVCo 3-D Secure 2.0+). Currently, IATA is in the process of finalising a schema change for 19.2 PADIS schema version enabling 3-D Secure 2.0. The proposed changes are planned to be “retrofitted” into 17.2 PADIS schema version which will enable sellers to perform 3DS2 authentication using their own PSPs.
British Airways strongly recommends getting in touch with your payment service providers to seek guidance about the scope of PSD2 and discuss your individual requirements.
Given the deadline is 14th September, it is imperative that you are already developing against the British Airways 3-D Secure Version 1.0 technical documentation.
If your NDC API connection method is via a third party technology provider or aggregator, then please contact them for their implementation plans.
For all British Airways and Iberia Portal users, further communication will be sent out shortly.
Should you have any more questions, please visit our FAQ section .