
In September, a new European payment regulation is being introduced to help make online payments more secure and prevent fraud.
The new PSD2 regulation will require Strong Customer Authentication (or SCA) for all online payments.
How do you implement SCA?
To make sure the bank doesn’t refuse the payment, the retailer will need 2 of 3 possible pieces of information from the customer.
These are a password; a verification, for example from a hardware token or a phone notification confirmation; or something physical like a fingerprint or facial recognition.
So how will this affect e-commerce shops?
The good news is that some payment gateways for WooCommerce are already SCA ready, for example Stripe and Amazon Pay (and Apple Pay already had this included). In the case of PayPal, as the transaction takes place entirely on their website with standard PayPal, they’re already compliant without the need to change or update anything. PayPal Pro Direct will require a plugin update to make sure you’re compliant.

What if you’re not using WooCommerce?
If you’re using a different e-commerce platform, perhaps Shopify or a bespoke system, then you’ll need to check that it is compliant. Shopify have confirmed they are and their merchants don’t need to do anything.
Are there any exemptions?
Yes, any transaction below €30 is exempt, but only for up to 5 exempt transactions; after that, the customer will need to validate using SCA. SCA is also required if the total amount is more than €100, so if each purchase was €30, they’d need to validate with SCA on the 4th transaction.
Does it apply to subscriptions?
After the 14th September, the first subscription payment will need to be SCA validated, but they shouldn’t need to validate every one unless there is a change to the amount of the subscription.
However, a smidge of common sense seems to have been applied to existing subscriptions, according to the European Banking Authority website, whereby SCA will not be required unless there is a change to their subscription.
How to prepare for the introduction of SCA
- The first step is to check that your payment gateway is compliant. Even if it’s mentioned above, it’s best to get it confirmed by looking at the provider’s website or getting in touch with them.
- Make sure you’ve done all your software updates, if applicable, as these might be needed to implement the new services.
UPDATE
Stripe have decided, in their wisdom, that you will need to enable 3D Secure payments in the settings on your account, under ‘Radar Rules’. But this can’t be done until the 14th September 2019... a Saturday. Read more about it here.
What happens if you don’t do any of the above?
Potentially nothing, if the transactions are small. But if you’re not using SCA, the bank could refuse the transaction, which might mean you lose sales or have to answer a lot of emails from customers.
Need help?
No problem, get in touch using the form below and we’ll help where we can, even if that’s just providing a bit of free advice!