As of September 14th, 2019, payment gateways require additional security steps regarding “SCA” for customer purchases in the European Union.
This will trigger the 3DS payment gateway security features for the customer to authorize their payment.
What is SCA?
Strong Customer Authentication (SCA) is a European regulation put in place on September 14th, 2019 to reduce fraud and make online payments more secure for purchasing customers by adding security steps for purchases and subscriptions.
When is SCA applied?
SCA currently applies only to EU businesses that are selling to EU-based customers, where the customer meets any of the following criteria:
(a) accesses their payment account online;
(b) initiates an electronic payment transaction;
(c) carries out any action through a remote channel which may imply a risk of payment fraud or other abuses.
Most card payments and all bank transfer payments will require SCA.
When is SCA not required?
There are scenarios in which SCA may not be required for the customer’s purchase.
What is 3DS?
3D Secure (3DS) is a fraud prevention measure that acts as an additional layer of security when taking card payments. It gives customers a secure two-step authentication before they can purchase online, ensuring that they’re using the correct card details to help protect against card payment fraud.
3DS serves as the authentication method required by SCA regulations.
What payment gateways support 3DS?
- Authorize.net: Not Supported
- Braintree: Supported
- EasyPayDirect: Not Supported
- PayPal: Not required
- Stripe: Supported
How do vendors enable 3DS for their payment gateways in PayKickstart?
NOTE: Please also consult with your payment processor to ensure they do not require any additional actions to set up 3DS.
Go to the Integrations section, locate your payment gateway and enter the settings, then click enable 3DS.
After you enable 3DS for the payment gateway, go to the platform settings and set your SCA subscription billing reminders in the subscription section. These control the SCA authentication emails that will be sent to customers to authenticate their transaction. Set the number of SCA reminders (1 per day) you’d like to send your customers before marking the transaction as failed.
IMPORTANT: SCA & 3DS are only supported on non-legacy templates. If you are an EEA-based vendor and have previously created products before 9/10/19, then you must disable the “Use legacy templates” option in your products’ settings (section 2) in order to be able to use SCA.
Please note that after switching to the new templates you may need to check your template’s design settings and/or reset the checkout template (resetting the template will reset any customizations in the legacy and non-legacy version of the templates).
NOTE FOR VENDORS WHO DO NOT SEE THIS LEGACY OPTION IN THEIR PRODUCTS:
Legacy templates only apply to products created before 9/10/19.
All newly created or cloned products will NOT offer a legacy option. If you do not see this option, your product is using the current non-legacy templates by default.
How will 3DS work for customers?
- NOTE: If the customer does not authenticate the transaction within the allotted grace period (1-3 days; contact the product’s vendor for their grace period), the transaction will be marked as failed.
4. Our system confirms the customer’s rebill transaction and PayKickstart will attempt to process the transaction as normal.