What is SCA?
Strong Customer Authentication (SCA) is a new regulation that will take effect on September 14th 2019 as part of PSD2 regulation in Europe, will require changes to how your European customers authenticate online payments. This regulation applies to online payments where the customer’s bank and the business are both in the European Economic Area.
Strong Customer Authentication (SCA) is a core part of the second Payment Services Directive (PSD2) set up by the European Commission as a requirement to reduce online fraud cases and make transactions more secure. This means that any European transaction made online will require an additional authentication on top of existing transaction methods.
SCA requires that businesses use two independent authentication elements to verify payments. In practice, this means adding a new payment step where your customers must confirm their payment using an authentication method like a password, hardware token, or biometric.
This new regulation will be introduced on 14 September 2019 and a number of European banks may start declining any payments without the additional authentication provided by consumers.
To find out more about SCA, click here.
What is PSD2?
PSD2 is the second Payment Services Directive designed by the countries of the European Union. It introduces strict security requirements for the initiation of electronic payments in order to reduce the risk of fraud.
To protect the consumer, PSD2 requires banks to implement multi-factor authentication transactions performed on any channel whether remote or proximate. Consumers will have to identify themselves with two of the three categories shown below.
The authentication methods are:
- Personal - a password or PIN code
- Device - smartphone device or digital token
- Biometric - fingerprint or facial recognition
Will I be affected by the Strong Customer Authentication regulation?
This regulation applies to online payments where the customer’s bank and the business are both in the European Economic Area. To check whether the new SCA regulation applies to your company, the criteria are as follows:
- Your business is based in the European Economic Area (EEA)
- You create payments on behalf of connected accounts based in the EEA
- You serve customers in the EEA
- You accept EU-issued debit/credit cards
Marketplaces whose customers fall under this criteria may start to see an increase in failed transactions after the implementation of the regulation.
If your marketplace is outside of the European Economic Area (EEA), or it does not handle European-based transactions, you will still benefit from the SCA and the PSD2 through the improved UX and better protection against credit card disputes.
Here at Arcadier, we have taken steps to ensure that your marketplace gets minimal disruption.
Is my Arcadier marketplace compliant?
Payment service providers will be the ones mainly responsible for complying with the SCA regulations. Depending on the payment gateways you are using on Arcadier, you may have to make some adjustments to your transaction flow. You can find details on each of Arcadier’s available payment service providers below:
Stripe integration will be done by Arcadier. If your marketplace was made before the 13th September 2019 release, you will have to enable the Stripe 3D Secure Card Payment plug-in designed to support 3DS2.
To activate Stripe 3D Secure in your marketplace, simply head over to your admin marketplace site, click on "Plug-ins" on the side-menu and install the Stripe 3D secure plugin.
To learn more about installing the Stripe 3D Secure plug-in, click here.
1. Select and click on the “Plug-ins” tab on the sidebar
2. Click on the “Available” tab and locate the Stripe 3D Secure plug-in
3. Click "Install"
4. Once installed, make sure the toggle is set to "YES" to activate and you're all set!
3DS2 Enabled stripe payments does not support multi-merchant check-out (i.e. your buyers can only check-out items or services from one merchant at a time). This is due to Stripe’s new payment flow where it redirects to Stripe’s payment page.
For all marketplaces with Stripe payments created after 14th September 2019, you will automatically be using Stripe’s new 3DS2 flow.
PayPal pre-integrated on Arcadier will not be affected as PayPal payments will be automatically redirected to PayPal’s site when customers are ready to pay, where they will handle cards that require 3DS2 authentication accordingly.
For more information and to check your payment settings, you can read more here: https://www.paypal.com/uk/webapps/mpp/psd2
Omise does not support SCA as they only operate for customers within Asia.
Custom Payments will depend on the individual payment gateways that you have connected with. Please make sure to check with your preferred payment gateway if they support SCA and update your redirect URL integration accordingly.
Please ensure that your custom integration is SCA compliant. Check with your payment service provider for more information on whether your specific integration supports SCA.