Saturday, August 31, 2019

Strong Customer Authentication

In September 2019, Strong Customer Authentication will come into force in Europe. SCA is a new form of two-factor authentication designed to add an extra layer of security when you make a payment online. Although SCA is being implemented to reduce fraud, it is widely expected to have a significant impact on website sales by complicating the checkout procedure.

GodsWeb uses the Stripe Elements implementation method.  When performing a checkout, if authorisation is required by your bank, you will be automatically prompted via modal (popup window) to approve the payment. This process is also commonly referred to as 3D Secure.  Use of 3D Secure depends on the card type and issuer - (and not GodsWeb or Stripe).    It has been implemented online by some for a while, but it is now enforced law across the European Economic Community.


Many customers use our automated recurring payments to pay their invoices automatically.  This is done on the due date on the invoice and is performed using stored tokens automatically without any human involvement. 

However, now, if your card requires SCA, the automated payment attempt by our systems will be denied and you will be required to login to your client account to manually process the payment..   Once manually approved that 'should' in theory be all that is required to continue paying invoices automatically going forward.  However, that is the theory and in practice, it has yet to be proven/tested.

Some banks will demand this on all transactions.  Some will not demand it on orders below a value of 30 Euro.  However, it is now the legal responsibility of GodsWeb (and all e-commerce websites) to provide the order flow mechanisms for SCA to take place, if a customer's bank demand it at checkout.  

We expect disruption - not only with ourselves but it is estimated this could result in more than £57 million in lost revenue as customers get used to the changes across Europe as this is enforced.

YOU CAN AVOID the SCA headache with Direct Debit and GoCardless

For a while now, we have worked with GoCardless providing Direct Debit options.  It is becoming the most popular option for both one off and automated payments with our customers.  GoCardless is fully PSD2 compliant, and paperless Direct Debit mandates used by GoCardless are out of scope for SCA. You’ll be able to setup your recurring payments with absolutely no additional two-factor authentication required.

If you face any issues, please do not hesitate to raise a support ticket to our BILLING dept.


« Back