We have just finished integrating our product to SagePay version 3 which brings with it ‘Tokens’ which in layman’s terms means we can now offer ‘Remember My Card Details’ as a feature. It is secure because SagePay remembers the card not us. How much validation then should be applied when someone wants to reuse a card? We are going to want them to log in so to protect the ‘token’ but are we going to want them to enter their security number again? Do we want 3d Secure validation by the bank to be triggered?
We have given this quite a lot of thought and we think you might want to do this differently for B2C and B2B customers. You might place a much higher degree of trust in customers who have a sales ledger account and buy from you all the time over walk ins who only buy occasionally. To that end we have configured Shopfront so that you can lift 3D Secure for B2B customers but leave it in place for B2C. This means that ordering that vital part via the mobile site while on a customer site just got easier for your account customers.