Customer Incident Report: 3DS Payment Processing Issue
Summary
On 30 April 2026, an issue affected some payment journeys that required 3D Secure authentication. During the incident, some customers may have been unable to complete payments successfully where 3D Secure verification was required.
The issue was caused by an expired authentication component used within our 3D Secure integration. Once identified, this was renewed and updated across the affected services.
A further affected service path was later identified following customer reporting affecting a single customer and was resolved on 6 May 2026.
Impact
The issue affected some online payment attempts that required 3D Secure authentication.
Customers attempting affected transactions may have experienced failed or interrupted payment journeys. Not all payment types or customers were affected.
There is no evidence from this incident of unauthorised access, data compromise, or payment card data exposure.
Timeline
Date / Time | Event |
|---|
30 April 2026, approximately 11:33 BST | Initial signs of 3D Secure payment failures were detected. |
30 April 2026, 11:45 BST | An internal incident was raised and investigation began. |
30 April 2026, 11:55 BST | The cause was identified as an expired authentication component used by the 3D Secure integration. |
30 April 2026, approximately 12:30 BST | A replacement was generated and applied to the affected services. |
5 May 2026 | A permanent software update was progressed to ensure future releases included the updated component. |
6 May 2026 | A further affected service path was reported, investigated, and resolved. |
Root Cause
The incident was caused by an expired authentication component used by our 3D Secure integration.
This prevented some services from completing the required 3D Secure authentication step, resulting in failed payment attempts for affected journeys.
Resolution
A replacement authentication component was generated and applied to the affected services. The relevant software configuration was also updated so that future deployments include the corrected version.
Following further customer reporting, an additional affected service path was identified and resolved on 6 May 2026.
Corrective and Preventative Actions
We have identified the following actions to reduce the likelihood of recurrence:
Action | Status |
|---|
Update the affected 3D Secure integration component across services. | Completed |
Ensure future software releases include the updated component. | Completed / verified through release process |
Review affected payment journeys and service paths to confirm coverage. | Completed |
Improve renewal tracking and alerting for time-sensitive integration components. | In progress |
Review deployment processes to reduce reliance on manual updates. | In progress |
Improve post-incident validation across customer-specific payment journeys. | In progress |
Customer Guidance
Any affected payment attempts during the incident window may need to be retried by the payer.
Where there is any uncertainty about the final status of a payment attempt, please contact Encoded Support so we can assist with checking the transaction outcome.
