Taking payments online? Then you need to know about Strong Customer Authentication (SCA)

If you run an e-commerce website or take any payments online, your payment provider may have contacted you about the new Strong Customer Authentication (SCA)  regulations coming into force on 14th September 2019. These regulations are part of PSD2 - a new EU Payment Services Directive.  You may need to make changes to how you take payments online to make them more secure. We are working with all our clients right now to make sure they stay secure and compliant with the new regulations.

What is Strong Customer Authentication (SCA)?

Online payments specialist Stripe sum it up nicely:

Strong Customer Authentication (SCA), a new rule coming into effect on September 14, 2019, as part of PSD2 regulation in Europe, will require changes to how your European customers authenticate online payments. Card payments will require a different user experience, namely 3D Secure, in order to meet SCA requirements. Transactions that don’t follow the new authentication guidelines may be declined by your customers’ banks.

If your payment process already incorporates 3D Secure checks then you are most likely compliant for now but there are changes coming in regulations that will require 3D Secure 2 so it is worth checking what version your current payment provider is using.

What do I Need to do?

In short you need to make sure that the way you take payments online is compliant with the new regulations. All the major payment providers like Stripe, SagePay, PayPal, etc have integration options that are already compliant so if you are using one of the compliant integration options you are fine. If you are not then you will have to move to a service that is compliant and/or upgrade your site's payment processing accordingly.

For example if you currently use Stripe and integrate using their Charges API, you will no longer be compliant. You will need to switch to the Payment Intents API and make the relevant changes in your checkout process to use the new integration.

Providers like SagePay will normally have an option in their control panel to switch on 3D Secure. Whether or not this is sufficient will depend on how you are integrating their process into your checkout. If that integration does not either account for the extra steps required in implementing 3D Secure or use a pre-configured drop-in checkout object then it is likely you have some work to do.

It is a similar story with PayPal, Worldpay, SecureTrading, AllPay, Realex and other providers.

What if I Do Nothing?

If you do nothing and you just happen to already be compliant then your payments will continue unchanged after 14th September 2019.

If you don't check that you are compliant and do nothing, then after 14th September 2019 you will most likely see a large increase in declined transactions as your customers' banks decline to make payments that have not been properly authenticated.

This could lead to a big drop off in sales and customer confidence in your site.

Can You Help Me?

Yes we can.

We are currently reviewing all our own clients payment integrations and switching or upgrading where necessary.

Fortunately all our clients are using providers that have integration options that are compliant with Secure Customer Authentication (SCA) so the upgrades are technically fairly straightforward. If their existing providers did not have a compliant option we could easily switch to one that does.

If you accept card payments of any type online then this new regulation will affect you. If you are not sure if your checkout and payment process are compliant we can help you find out - if it's not we can fix it so you don't start loosing sales.

Feel free to get in touch if you need some advice or help on this issue or anything else to do with e-commerce or taking online payments- that's what we are here for.

Here to Help!