SCA Migration Overview

    Learn how the Strong Customer Authentication regulation affects your business and how to update your integration to prepare for it.

    Strong Customer Authentication (SCA), a new rule coming into effect on September 14, 2019 as part of PSD2 regulation in Europe, will require changes to how your customers authenticate online payments. Card payments will require a different user experience, namely 3D Secure, in order to meet SCA requirements. Transactions that don’t follow the new authentication guidelines may be declined by your customers’ banks.

    To prepare for SCA, you should:

    1. Determine if your business is impacted
    2. Decide which one of our new SCA-ready products is right for your business
    3. Make changes before September 14, 2019 to avoid declined payments

    Impacted businesses and payments

    Businesses in the European Economic Area (EEA) that accept cards will be affected by Strong Customer Authentication. This regulation applies to transactions where both the business and the cardholder’s bank are located in the EEA.

    Although not legally within scope of the regulation, we expect a small minority of European banks to require SCA for all payments with their cards regardless of where the business is based. If you’re based outside of Europe but a large portion of your sales are to European customers, we recommend preparing for SCA to minimize the risk of any payment being declined.

    The following table describes SCA’s impact on a given payment between a business and a customer:

    Customer from the EEA Customer from outside the EEA
    Business based in the EEA Impacted Not impacted
    Business based outside the EEA Moderate impact (small minority of issuers may request authentication) Not impacted

    Preparing for SCA

    Stripe has prepared pre-built and customizable solutions to help you prepare for SCA. You will need to update your integration to support 3D Secure 2 before September 14, 2019.

    Checkout
    Use Stripe’s new Checkout, a pre-built, Stripe-hosted checkout flow that automatically handles SCA requirements for you. Checkout is customizable and lets you accept payments for one-time purchases and subscriptions on your website.
    Billing
    For businesses accepting recurring payments, Stripe Billing identifies which subscription charges require authentication and sends customizable emails to subscribers when additional authentication is needed.

    Update to Checkout

    Billing SCA Migration Guide coming soon

    We recommend using Checkout or Billing because it will require the least amount of work from you going forward. Since Stripe manages the end-to-end experience, we can update your integration to prepare for future regulations with minimal changes required by you.

    Alternatively, customize the checkout experience with the new PaymentIntents API along with Elements, Stripe.js, and the iOS/Android SDKs. Read our SCA Migration Guide for PaymentIntents API to learn more.

    Upgrade your integration as soon as possible to ensure you’re ready by the deadline. Integrations that are not SCA-ready, such as ones that use the Charges API, will start seeing high rates of declines on September 14, 2019.

    Next steps

    Questions?

    We're always happy to help with code or other questions you might have! Search our documentation, contact support, or connect with our sales team. You can also chat live with other developers in #stripe on freenode

    Was this page helpful? Yes No

    Send

    Thank you for helping improve Stripe's documentation. If you need help or have any questions, please consider contacting support.