SCA best practices for recurring revenue businesses

Strong Customer Authentication (SCA) requirements are fully enforced in almost all eligible European countries, signaling a massive shift in the European payment landscape.

  1. Inleiding
  2. How does SCA affect recurring revenue payment flows?
    1. 1. First subscription charges, charging immediately
    2. 2. First subscription charges, charging later
    3. 3. Recurring subscription charges
    4. 4. Invoice charges
    5. 5. Ad hoc charges
    6. Reporting
  3. Further resources

Strong Customer Authentication (SCA) requirements are fully enforced in almost all eligible European countries, signaling a massive shift in the European payment landscape. To meet the new SCA requirements, a form of two-factor authentication is required for many online card payments in Europe. Without authentication, many payments may be declined by your customers’ banks. Managing these rules and suggestions can be especially important for businesses with recurring charges, and this guide outlines how to adjust recurring payment flows for SCA.

How does SCA affect recurring revenue payment flows?

Recurring revenue businesses need to consider how SCA may impact five key payment flows:

  • First subscription charges, charging immediately—a new subscriber signs up and their card is charged immediately.
  • First subscription charges, charging later—a new subscriber signs up but their card isn't charged until a later date, after a free trial, for example.
  • Recurring subscription charges—a subscriber's card is charged automatically to renew their subscription at the end of a billing cycle.
  • Invoice charges—a customer is sent an invoice to be paid manually, and their card is charged when they initiate the payment.
  • Ad hoc charges—a charge is initiated by someone at your company from an internal admin dashboard. For example, you might initiate a charge in response to an email from a customer about a failed payment.

We'll explain each payment flow, identify how SCA may affect it, and provide relevant resources and guidelines. You can use these resources to make sure you're SCA-compliant for the billing system that you use:

  • Stripe Billing—Stripe Billing is Stripe's subscriptions and invoicing revenue platform. It integrates with Stripe Payments and manages subscriptions and invoicing. In the first half of 2019, Stripe Billing launched a set of features for SCA, and users just need to make a few adjustments to their integrations to be SCA-compliant.
  • Stripe Payments + in-house billing—some businesses use Stripe Payments with an in-house billing system. Stripe Payments also launched a set of new features for SCA. Businesses with in-house billing systems will need to update the way their in-house systems work with the Stripe Payments API to be SCA-compliant.
  • Third-party billing—if you use a third-party recurring billing system, we'll provide some guidance around what you should expect of their products to make sure you are SCA-compliant.

1. First subscription charges, charging immediately

In this scenario, a new customer pays in advance for the first billing cycle in a subscription. Their credit or debit card is charged immediately. This is common for flat-rate business-to-consumer (B2C) and per-seat business-to-business (B2B) recurring payment plans when there is no free trial, such as Typeform's Business plan. This scenario also applies when a credit or debit card is not collected at the start of a free trial, such as with Squarespace. When this kind of free trial is over, the new subscriber will be asked to provide their card, and it will then be charged immediately.

SCA is required most of the time in this scenario because it will typically be the first time a cardholder has transacted with your business. If your payment flow does not support SCA, your customer's bank may be legally obligated to block the transaction. This will decrease your conversion rate. The impact will be worse to the extent that your customer base uses compliant financial institutions in Europe.

Most SCA exemptions will not apply in this scenario. Your payment service may be able to apply a low-risk transaction exemption, and this exemption is widely supported by banks, but this is largely out of your control. (Stripe Radar's comprehensive, real-time risk assessment allows us to support this exemption for our users.)

To make your payment flow SCA-compliant, your subscription checkout needs to identify when a first charge requires SCA and guide the new subscriber through their bank's two-factor authentication flow.

Stripe Billing—refer to Scenario 1 of the Stripe Billing SCA migration guide.

Stripe Payments + in-house billing—refer to the Recurring payments section of the Stripe Payments SCA migration guide.

Third-party billing—contact the third party or refer to their documentation.

2. First subscription charges, charging later

This payment flow is necessary for subscriptions with free trials and metered payment plans that are charged in arrears. Hulu, for example, asks for credit card information up front and charges automatically at the end of the free trial (unless canceled).

Payment method information collected for later use will need to be authenticated at the time of collection. If payment method information isn't authenticated, banks may decline these payments, and you may notice a decline in your free trial conversion rate or an increase in failed payments for metered billing plans.

As with the first scenario, SCA exemptions don't apply in this scenario because it will often be the first time your business has seen that customer. However, once a payment method has been authenticated, merchant-initiated transaction exemptions allow businesses to charge that payment method without needing SCA in the future.

To make this payment flow SCA-compliant, your subscription checkout needs to ask a new customer for their consent to charge their card in the future, guide them through their bank's two-factor authentication flow, and then save their card details for later use.

Stripe billing—refer to Scenario 2 of the Stripe Billing SCA migration guide.

Stripe Payments + in-house billing—refer to the Payment captured more than seven days after authorization section of the Stripe Payments SCA migration guide.

Third-party billing—contact the third party or refer to their documentation.

3. Recurring subscription charges

The majority of payments in a subscription business are not the customer's first payment. These renewal payments are considered "off-session," meaning the customer is not on your website or app when their payment is processed.

Recurring subscription charges are subject to SCA. If you don't change the way you process these charges, they could be declined by banks and you may notice an increase in unintended churn.

If a subscriber's payment method is authenticated via a first subscription payment, as with scenario one, or when the payment method details are collected, as with scenario two, recurring subscription charges may be eligible for SCA exemptions. Both the fixed-amount subscription and merchant-initiated transaction exemptions could apply in this scenario. However, since it's up to payment processors to make the necessary engineering changes to request exemptions, and up to banks to accept them, you should ensure this payment flow can handle SCA if required.

To make this payment flow SCA-compliant, you need to be able to identify which recurring charges require SCA and contact subscribers to bring them "on-session" to provide two-factor authentication.

Stripe billing—refer to Scenario 3 of the Stripe Billing SCA migration guide.

Stripe Payments + in-house billing—refer to the Recurring payments section of the Stripe Payments SCA migration guide.

Third-party billing—contact the third party or refer to their documentation.

4. Invoice charges

Many recurring businesses send out invoices for manual payment. This is especially common for businesses with high per-account values, whose customers may have accounts payable processes requiring invoices. Invoices may be used for first subscription charges or recurring subscription charges.

SCA is required if invoices are paid by credit or debit card. Since invoices may be used for a subscription's first charge and recurring charges, sign up and unintended churn numbers could be impacted by SCA. Similarly, because invoices can be used in the first and recurring charge scenarios, most of the exemptions previously mentioned in this guide can apply.

To make this payment flow SCA-compliant, payments made on hosted invoices need to direct the customer through a two-factor authentication flow if SCA is required, much like in the first scenario.

Stripe billing—refer to Scenario 4 of the Stripe Billing SCA migration guide.

Stripe Payments + in-house billing—refer to the One-time payments section of the Stripe Payments SCA migration guide.

Third-party billing—contact the third party or refer to their documentation.

5. Ad hoc charges

Your operations team may occasionally charge customers manually. For example, Deliveroo might do a one-off charge for training or event tickets.

With SCA, these charges may require two-factor authentication and may involve similar considerations to the recurring subscription charge scenario because the customer will likely be "off-session."

The merchant-initiated transaction exemption is likely to be the most helpful in this scenario, but the low-risk and below €30 payment exemptions may also be relevant. Fixed-amount subscription exemptions will likely not be relevant in this scenario because charges initiated by your operations team will be ad hoc, outside the normal cycle of a subscription.

To make this payment flow SCA-compliant, you need to provide a way for admin-initiated charges to support an "off-session" SCA payment flow, collecting two-factor authentication from customers, much like in the recurring payments scenario.

Stripe billing—refer to the Tools for collecting off-session payments section of the Stripe Billing SCA migration guide.

Stripe Payments + in-house billing—refer to the Other off-session payments section of the Stripe Payments SCA migration guide.

Third-party billing—contact the third party or refer to their documentation.

Reporting

We also recommend that you ensure you can report how many charges are requiring SCA, how many are being successfully authenticated, how many aren't, and where those charges are occuring. To make sure your implementation is handling SCA correctly for all payment flows, it'll be important for you to spot any spikes in SCA-related declines and unintended churn quickly so that you can respond. Stripe has a number of reporting tools that can help.

Further resources

Our SCA guide provides a detailed overview of SCA for all types of online businesses. Stripe's SCA documentation covers implementation details, and the SCA migration guide for Stripe Billing walks through the updates Stripe Billing users will need to make.

Learn more about Stripe's SCA-compliant products on our website. If you have any questions or feedback, please let us know.

Direct aan de slag? Neem contact op of maak een account.

Maak direct een account om betalingen te kunnen ontvangen. Contracten of bankgegevens zijn niet vereist. Je kunt ook contact met ons opnemen om een aangepast pakket voor je onderneming samen te stellen.