3D Secure/Taking credit card payments

Well if you can't do it without their involvement and it comes down to cost. Your options are to suck it up, as the "overcharge" is all internal and ClientCo is not actually losing out. Or if it's blowing a hole in your budget, rise the concern with the project board or w/e. 80 man-days is definitely excessive for the work involved, but it's not uncommon for line managers to exaggerate effort, either to "look busy" or to plug holes in their budgets.

It depends on how it was implemented, again this was a few years ago, but if not using a 3rd party, i remember you had to change your code, so, it vaguely went, push data to card provider, they responded with some tokens and if 3d secure was required. You needed to handle the various 3d secure error codes. If multiple payment providers you may need functionality to switch this on and off for each provider.

Then you had to display an iframe and pass in the token details. You had to provide a call back url so you could then update the transaction your side.

I think you needed a bit of javascript then to handle displaying the success or failure of payment.

But if you implemented a 3rd party gateway then it may have been as simple as clicking on the checkbox for 3d secure.

Again, this was a few years ago, so it may have changed.

It's not 80 days work but one person, talking to card people, delays, getting things setup, programming, testing and 4 weeks sounds possible. 4 people, 4 weeks sounds a piss take unless there is something we don't know.

Am currently using Stripe for taking payments on a website. Got some news from them in the last few months about changes due to SCA coming into effect. Didn't take much effort to "upgrade" - just needed to ensure the WordPress payment plugin supported SCA, and it was good to go.

Guess it depends on who your payment gateway provider is, and how your website works with it.