What is SCA?
Strong Customer Authentication (SCA) is a European regulation that requires merchants to use two methods of verification to authenticate customers’ identities. This is likely the beginning of many international regulations that endeavour to protect merchants and customers alike.
When SCA takes effect, a form of two-factor authentication will be required for most online card payments in Europe. SCA is enforceable starting on September 14, 2019, and European banks can decline payments that require SCA and do not have this additional authentication.
SCA applies to “customer-initiated” online payments within Europe. This means that almost all card payments and all bank transfers will require SCA.
SCA requires customers to use at least two of the following three methods of verification:
- Something the customer knows (such as a password or PIN)
- Something the customer has (such as a phone or hardware token)
- Something the customer is (such as a fingerprint or face recognition)
Why is SCA important?
This new requirement is aimed at reducing fraud and making online payments more secure. This protects the merchant (that’s you), as well as the customer. You can find the official SCA requirements in the Regulatory Technical Standards.
Although SCA requirements officially take effect on September 14, 2019, some select banks and payment providers may be allowed to postpone this date. See this page for updates on these deadlines.
How SCA affects payments on your WordPress sites
For online purchases with a debit or credit card, SCA will apply to transactions where both the business and the cardholder’s bank are located in the European Economic Area (EEA).
Selling subscriptions? SCA will apply to the first payment. However, recurring or ongoing direct debits or subscriptions are considered “merchant-initiated” and will generally not require additional customer authentication unless there is a change in the cost of the recurring payment.
Low-value transactions below € 30 will generally be exempt from SCA. However, if the customer makes five purchases or their total amount spent goes above € 100, SCA will be required.
Ultimately, the cardholder’s bank will decide whether or not a transaction is exempt. Read more about possible exemptions.
What changes are being made to WP Simple Pay?
Under the hood, WP Simple Pay has moved from Stripe’s Charges API to the new Payment Intents API and added support for the latest 3D Secure 2 authentication standards. However, you don’t need to change any other settings inside your Stripe account to enable the new 3D Secure features.
Use the 4000 0000 0000 3220 test card number on our demo site to trigger a 3D Secure challenge flow.
The current Stripe Checkout modal will no longer be supported by Stripe and won’t be updated for SCA, but there is another option with the new Stripe Checkout – more on that below.
Will this change affect my existing subscriptions?
As the modal change is a design change only, it does not affect payment processing or subscription renewal payments. Customers who have active recurring subscriptions that were created via the Stripe Checkout before September 14, 2019 will still have their renewal payments processed by Stripe and picked up through WP Simple Pay.
Make sure you’ve enabled customer emails to be sent for authorization. In your Stripe dashboard, go to Settings -> Billing -> Subscriptions and emails (direct link) to enable this setting.
Introducing the New Stripe Checkout
WP Simple Pay now gives you the option to use the new Stripe Checkout in your payment forms. 3D Secure 2 is automatically included in this new Checkout process when the cardholder’s bank supports it, which in turn is required by the SCA regulation described above. The “legacy” Stripe Checkout overlay was removed to ensure all card payments can be accepted.
All of your WP Simple Pay forms using Stripe Checkout will continue to work, but the payment flow for your site visitors will look a bit different than it did before this change. They will now be directed off-site to a fully Stripe-hosted payment page before being redirected back to your site to display a payment confirmation.
Still want to use a modal-style payment form on your site? Remember you can always switch to the Overlay form display option, which uses Stripe Elements to provide real-time validation and securely collect payment details (and also supports 3D Secure 2 when required).
Ready to update?
View the full changelog for additional features and improvements included in this release.
WP Simple Pay Pro 3.6 is available now for all licensed customers. You can update to the latest version in your WordPress admin or download it from your account.
Need a license? Get WP Simple Pay Pro today!
Please note: We’re not lawyers here at WP Simple Pay, so for further questions about international laws and regulations, and for peace of mind, we recommend seeking advice from a legal professional.