Important update regarding authentication methods used to interact with Judopay products.
As part of our ongoing commitment to security and compliance, as of 6th June 2024, we will no longer be supporting the use of one-use tokens to authenticate requests sent to Judopay's APIs and SDKs.
As a result, you must transition to Payment Session Authentication (more details below). We’re reaching out to you as you are among the few merchants who have not yet made this shift.
Why are we deprecating one-use tokens?
Since the Strong Customer Authentication (SCA) mandate, we’ve been actively encouraging merchants to move away from one-use tokens. One use-tokens are not considered to be fully SCA compliant, and we’re taking proactive measures to ensure the highest level of security for your transactions.
What does this mean for you?
From 6th June 2024, any authentication requests using one-use tokens will not be processed. To ensure the continued security of your transactions, you can no longer use this method of authentication.
Payment Session Authentication: A more secure alternative.
It’s vital you transition to using payment session authentication for your transactions. Payment session authentication not only provides a more robust security framework but also ensures compliance with SCA standards.
To guide you through the implementation of payment session authentication, you can find step-by-step instructions and best practices in our documentation here.
Next Steps:
Important update regarding authentication methods used to interact with Judopay products.
As part of our ongoing commitment to security and compliance, as of 6th June 2024, we will no longer be supporting the use of one-use tokens to authenticate requests sent to Judopay's APIs and SDKs.
As a result, you must transition to Payment Session Authentication (more details below). We’re reaching out to you as you are among the few merchants who have not yet made this shift.
Why are we deprecating one-use tokens?
Since the Strong Customer Authentication (SCA) mandate, we’ve been actively encouraging merchants to move away from one-use tokens. One use-tokens are not considered to be fully SCA compliant, and we’re taking proactive measures to ensure the highest level of security for your transactions.
What does this mean for you?
From 6th June 2024, any authentication requests using one-use tokens will not be processed. To ensure the continued security of your transactions, you can no longer use this method of authentication.
Payment Session Authentication: A more secure alternative.
It’s vital you transition to using payment session authentication for your transactions. Payment session authentication not only provides a more robust security framework but also ensures compliance with SCA standards.
To guide you through the implementation of payment session authentication, you can find step-by-step instructions and best practices in our documentation here.
Next Steps:
To continue processing American Express (Amex) transactions on your mobile apps, an urgent upgrade is required, to the latest versions of our JudoKit SDKs for Android, iOS, and React Native.
From the 13th October 2023, AMEX requires all JudoKit Mobile SDKs to use the latest AMEX encryption certificates. To ensure uninterrupted processing of AMEX transactions and to remain compliant with their requirements, we’ve released an updated version of the JudoKit Mobile SDKs which incorporate the latest AMEX encryption certificate.
Failure to upgrade will likely result in being unable to process AMEX transactions. We understand the urgency of this upgrade and are here to assist you every step of the way. Our support team is available to answer any questions and provide guidance as needed.
To upgrade to the latest versions of JudoKit SDKs, please follow these links.
Android: Version 4.1.3
iOS: Version 3.2.5
React Native: Version 4.1.3
Please note - The latest SDK was made available on 3rd October. If you've recently upgraded before 3rd October, please follow the "Action Required" steps to upgrade to the latest version, or your app won't be compliant.
To continue processing American Express (Amex) transactions on your mobile apps, an urgent upgrade is required, to the latest versions of our JudoKit SDKs for Android, iOS, and React Native.
From the 13th October 2023, AMEX requires all JudoKit Mobile SDKs to use the latest AMEX encryption certificates. To ensure uninterrupted processing of AMEX transactions and to remain compliant with their requirements, we’ve released an updated version of the JudoKit Mobile SDKs which incorporate the latest AMEX encryption certificate.
Failure to upgrade will likely result in being unable to process AMEX transactions. We understand the urgency of this upgrade and are here to assist you every step of the way. Our support team is available to answer any questions and provide guidance as needed.
To upgrade to the latest versions of JudoKit SDKs, please follow these links.
Android: Version 4.1.3
iOS: Version 3.2.5
React Native: Version 4.1.3
Please note - The latest SDK was made available on 3rd October. If you've recently upgraded before 3rd October, please follow the "Action Required" steps to upgrade to the latest version, or your app won't be compliant.
If you’re not the tech contact at your company, please forward this email on to the relevant person / team.
Recently, we’ve identified an external dependency issue that requires attention - before your next app update. To ensure the continued smooth operation of your payment processing, we’re asking all Judopay merchants to upgrade to the latest versions of Judokit Android and Judokit React Native as soon as possible.
One of our partners has transitioned their library from JFrog Artifactory to Maven Central. From the 22nd of September, this third-party library hosted on JFrog will no longer be available. This means that you will no longer be able to build your apps without upgrading to the latest versions of the JudoKit Android (v4.1.2) and Judokit React Native (v4.1.2) SDKs.
This is especially critical for merchants who are actively developing apps or with plans to release an app update. You will be unable to build your apps during development without actioning the below.
This does not affect any applications that have already been deployed by you.
By upgrading to the latest versions of Judokit Android (v4.1.2) and Judokit React Native (v4.1.2), your IDE will download dependencies from the correct repositories, and you can continue your app build without any issues.
Upgrade your integration to the latest versions of Judokit Android and Judokit React Native, using the links below, as soon as possible to avoid any issues.
JudoKit Android: https://github.com/Judopay/JudoKit-Android/releases/tag/v4.1.2
JudoKit ReactNative: https://github.com/Judopay/JudoKit-ReactNative/releases/tag/v4.1.2
If you’re not the tech contact at your company, please forward this email on to the relevant person / team.
Recently, we’ve identified an external dependency issue that requires attention - before your next app update. To ensure the continued smooth operation of your payment processing, we’re asking all Judopay merchants to upgrade to the latest versions of Judokit Android and Judokit React Native as soon as possible.
One of our partners has transitioned their library from JFrog Artifactory to Maven Central. From the 22nd of September, this third-party library hosted on JFrog will no longer be available. This means that you will no longer be able to build your apps without upgrading to the latest versions of the JudoKit Android (v4.1.2) and Judokit React Native (v4.1.2) SDKs.
This is especially critical for merchants who are actively developing apps or with plans to release an app update. You will be unable to build your apps during development without actioning the below.
This does not affect any applications that have already been deployed by you.
By upgrading to the latest versions of Judokit Android (v4.1.2) and Judokit React Native (v4.1.2), your IDE will download dependencies from the correct repositories, and you can continue your app build without any issues.
Upgrade your integration to the latest versions of Judokit Android and Judokit React Native, using the links below, as soon as possible to avoid any issues.
JudoKit Android: https://github.com/Judopay/JudoKit-Android/releases/tag/v4.1.2
JudoKit ReactNative: https://github.com/Judopay/JudoKit-ReactNative/releases/tag/v4.1.2
From 30th July, Mastercard will begin checking for additional data in Merchant Initiated Transactions (MIT) / Recurring transactions, to further minimise fraud. This means that we need you to start sending us an additional data point - ReceiptIDs - to ensure that your payments aren’t impacted.
If you do not complete the below update by 30th July, the success rate of your transactions may be impacted and you could risk being issued a fine by Mastercard.
When a customer signs up to a recurring payment, a ReceiptID is generated. This ‘relatedReceiptID’ is what then needs to be referenced in the future merchant initiated transactions for that customer, giving assurance to Mastercard that the customer has agreed for these recurring transactions to be made.
You need to make sure that you have a ReceiptID for all customers using MIT/Recurring payments and that you’re sending us the ‘relatedReceiptID’ in your relevant transactions.
If you don’t have a record of ReceiptIDs…
We encourage you to ask your customers to re-register their cards with you so that you can generate and capture a ReceiptID for that customer.
To start sending us ReceiptIDs…
You need to start referencing the original transactions ReceiptID when sending us MIT/Recurring transactions.
For example:
For details on ReceiptIDs, referencing ReceiptIDs and for example Transaction API references click the button below. Visit documentation.
From 30th July, Mastercard will begin checking for additional data in Merchant Initiated Transactions (MIT) / Recurring transactions, to further minimise fraud. This means that we need you to start sending us an additional data point - ReceiptIDs - to ensure that your payments aren’t impacted.
If you do not complete the below update by 30th July, the success rate of your transactions may be impacted and you could risk being issued a fine by Mastercard.
When a customer signs up to a recurring payment, a ReceiptID is generated. This ‘relatedReceiptID’ is what then needs to be referenced in the future merchant initiated transactions for that customer, giving assurance to Mastercard that the customer has agreed for these recurring transactions to be made.
You need to make sure that you have a ReceiptID for all customers using MIT/Recurring payments and that you’re sending us the ‘relatedReceiptID’ in your relevant transactions.
If you don’t have a record of ReceiptIDs…
We encourage you to ask your customers to re-register their cards with you so that you can generate and capture a ReceiptID for that customer.
To start sending us ReceiptIDs…
You need to start referencing the original transactions ReceiptID when sending us MIT/Recurring transactions.
For example:
For details on ReceiptIDs, referencing ReceiptIDs and for example Transaction API references click the button below. Visit documentation.
I wrote to you recently advising you that from 14th October 2022, 3D Secure v.1.0 will no longer be supported by Visa, American Express, Mastercard and others. If you have not already done so, I strongly advise you to enable 3D Secure v2.0 as soon as possible to avoid your payments failing.
To assess your 3DS2 readiness please check the guidance below in relation to how you manage your payments with Judopay: See guidance.
I wrote to you recently advising you that from 14th October 2022, 3D Secure v.1.0 will no longer be supported by Visa, American Express, Mastercard and others. If you have not already done so, I strongly advise you to enable 3D Secure v2.0 as soon as possible to avoid your payments failing.
To assess your 3DS2 readiness please check the guidance below in relation to how you manage your payments with Judopay: See guidance.
