Strong Customer Authentication (SCA)

Modified on Mon, 30 Mar, 2020 at 12:45 AM

Overview

On September 14, 2019 a new regulation for online payments called Strong Customer Authentication (SCA) will take effect in Europe. It’s aimed at reducing fraud and providing more security for online payments.


As a store owner selling to customers in Europe and accepting credit cards or bank transfers online, you should prepare your store in order to be ready for SCA so that you could continue accepting payments with no disruptions. In this article, we explain what SCA is and what you can do to get ready for it.


Note: Strong Customer Authentication is only supported in the new storefront UI which was released in January 2019. Older stores will need to upgrade to the new UI, which can be done within the editor. See this article for more information.


Understanding SCA

Strong Customer Authentication is a part of the second Payment Services Directive (PSD2) which was created to make online payments safer and more secure. SCA adds an extra step to the payment process where customers further authenticate their identity in order to complete the payment.


Strong Customer Authentication applies if the banks of the buyer and the seller are both located in the European Economic Area. It may also apply if only a buyer’s bank is in Europe. The final solution whether to apply SCA is made by the issuing bank. So, even if your store is not in Europe but you sell to European customers, we recommend that you should get ready for SCA. This will help you avoid transactions being declined when SCA comes into force.


On the buyer’s side, the payment process with SCA will involve the following steps: the buyer will check out in your store and then proceed to the payment step. Once on the payment step, the buyer will enter their card details as usual, but then must pass an extra step to authenticate their identity.


The authentication method is set by the card issuing bank. For example, it could include a one-time code sent to a mobile phone or a fingerprint in the bank’s mobile app.


Once this step has been passed the transaction will be processed. If the bank requires SCA but SCA authentication is not asked for nor completed during the payment, the transaction will be declined by the bank.


Preparing your store for SCA

The preparation for SCA lies mostly on the payment gateways. They should adapt to this new regulation to allow buyers to pass the extra authentication step for online payments.


Yet there is also something you may do to make sure that your store will comply with SCA and you can keep accepting credit cards online from European customers flawlessly. Below we explain what you can do depending on where you sell and how you accept payments.


Stores outside the EU

SCA is the regulation to be applied in the EU zone. However, if you are not in the EU, but your customers are, the SCA may apply in this case as well.


The final decision whether to apply SCA when only customer’s bank is in EU is made by the card issuing bank. It’s better for you to be ready for SCA to be sure that EU customers can complete payments in your store. Keep reading to find out what you can do.


Stores in the EU

SCA will apply when both banks (yours and customer’s) are located in Europe. Depending on what payment methods you use, you can carry out different steps.


Stores accepting credit cards

  • If you are using Stripe or Square in your store, we’ll make sure that your store is SCA compliant on time. You don’t need to worry about anything as long as you are using one-page checkout in your store.


To enable one-page checkout in your store:
  1. Go to your Control panel → Settings → What’s new.

  2. Find the Next-gen Storefront or Next-gen Checkout Flow update and enable it. You will see one of these updates in your store depending on whether you are already using the next-gen design for other store pages.


If you don’t see this update or the “What’s new” page at all, then your store is up to date and is using all the latest features.
  • If you are using other payment methods like Authorize.Net, 2Checkout, etc., all the preparations should be done by the payment gateway as the whole payment process takes place on their website — customers are redirected from your store checkout to the gateway’s website.
    Contact the support team of the payment gateway you use to find out whether they are going to comply with SCA.


If the payment gateway that you use won’t accommodate the new SCA measures, consider using other payment methods in your store.


Stores not accepting credit cards

If customers pay you in cash or with other offline payment methods, no actions from you are needed! SCA applies only to accepting credit cards online.


Stores in the UK

SCA will apply to the UK as well but a bit later. You get about 18 more months to get ready as the UK has got another deadline for SCA to come into force.

Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select at least one of the reasons

Feedback sent

We appreciate your effort and will try to fix the article