On September 14, 2019 a new regulation for online payments called Strong Customer Authentication (SCA) took effect in Europe. It’s aimed at reducing fraud and providing more security for online payments. As a store owner selling to customers in Europe and accepting credit cards or bank transfers online, you need to comply with SCA.
Understanding SCA
Strong Customer Authentication is part of the
second Payment Services Directive (PSD2) which was created to make online payments safer and more secure. SCA adds an extra step to the payment process where customers further authenticate their identity to complete the payment.
Strong Customer Authentication applies if the banks of the buyer and the seller are both located in the
European Economic Area. It may also apply if only a buyer’s bank is in Europe. The final solution whether to apply SCA is made by the issuing bank. So even if your store is not in Europe but you sell to European customers, you must comply with SCA.
On the buyer’s side, the payment process with SCA will involve the following steps: the buyer will check out in your store and then proceed to the payment step. Once on the payment step, the buyer will enter their card details as usual, but then must pass an extra step to authenticate their identity.
The authentication method is set by the card issuing bank. For example, it could include a one-time code sent to a mobile phone or a fingerprint in the bank’s mobile app.
Once this step has been passed the transaction will be processed. If the bank requires SCA but SCA authentication is not asked for nor completed during the payment, the transaction will be declined by the bank.
Your Store and SCA
Complying with SCA lies mostly on payment gateways, but there is also something you may do to make sure that your store complies with SCA. Below we explain what you can do depending on where you sell and how you accept payments.
Stores Outside the EU
SCA is a regulation to be applied in the EU zone. However, if you are not in the EU, but your customers are, SCA may apply in this case as well. The final decision whether to apply SCA when only the customer’s bank is in the EU is made by the card issuing bank.
Stores in the EU
SCA will apply when both banks (yours and customer’s) are located in Europe. Depending on what payment methods you use, you can carry out different steps.
Stores Accepting Credit Cards
If you are using Stripe or Square in your store, we’ll make sure that your store is SCA compliant. You don’t need to worry about anything as long as you are using one-page checkout in your store.
If you are using other payment methods like authorize.net, 2checkout, etc., all the preparations should be done by the payment gateway as the whole payment process takes place on their website — customers are redirected from your store checkout to the gateway’s website.
Contact the support team of the payment gateway you use to find out whether they comply with SCA. If the payment gateway you use won’t accommodate SCA measures, consider using other payment methods in your store.
Stores Not Accepting Credit Cards
If customers pay you in cash or with other offline payment methods, no actions from you are needed! SCA applies only to stores that accept credit cards online.
Stores in the UK
SCA won’t be enforced in the UK until March 2021.