In last week’s release you might have noticed the update about Strong Customer Authentication. This blog post explains in more detail what this update means for the customer and its end-users.
On 14 September 2019, new requirements for authenticating online payments were introduced in Europe as part of the second Payment Services Directive (PSD2). This was done to protect European consumers against online fraud.
Strong Customer Authentication (SCA) is a part of the new requirements.
SCA adds an extra authentication step to online payments. Previously, a credit card number and an address were enough. Under the new regulations, a payment now has to meet at least two of the following three factors:
- Something the buyer knows (such as a password or PIN-code)
- Something the buyer owns (such as a smartphone or an authentication device)
- Something that identifies the buyer (such as a fingerprint or face recognition)
SCA applies to online payments where both the selling party and the buyer come from the European Economic Area. Currently this applies to all online payments where a credit card has been used.
Our community platform makes it possible to offer subscriptions to end-users. To make sure subscriptions are handled correctly, the Stripe platform is used. The subscriptions feature has been updated to support SCA (as mentioned in last week’s release). This means the subscription flow will be as follows:
- An end-user decides to subscribe to a community subscription and ends up in the subscription flow.
- After filling in the billing account details the end-user then fills in his/her payment details.
- When the end-user uses a credit card, the information is sent to Stripe to check if the extra authentication step (SCA) is needed. When extra authentication is needed, a popup provided by Stripe will show up with easy-to-follow directions for the end-user.
- After the extra authentication has succeeded (when needed), the end-user will then subscribe to the subscription as usual.
A good thing to know is that even though the new regulations have been introduced, it doesn’t mean that they will be enforced the same way across countries, banks and card networks. This is why the extra authentication step (SCA) is not always needed.
The same extra authentication step as mentioned above is also used when a new customer subscribes to use the community platform and for verifying a change in the customer’s payment method.
To find out more about SCA, Stripe has provided more detailed information including a video and screenshots here: Strong Customer Authentication | Stripe