Strong Customer Authentication (SCA), a new rule coming into effect on September 14, 2019 as part of PSD2 regulation in Europe, will require changes to how your customers authenticate online payments. Card payments will require a different user experience, namely 3D Secure, in order to meet SCA requirements. Transactions that don’t follow the new authentication guidelines may be declined by your customers’ banks.
To prepare for SCA, you should:
- Determine if your business is impacted
- Decide which one of our new SCA-ready products is right for your business
- Make changes before September 14, 2019 to avoid declined payments
Impacted businesses and payments
Businesses in the European Economic Area (EEA) that accept cards will be affected by Strong Customer Authentication. This regulation applies to transactions where both the business and the cardholder’s bank are located in the EEA.
Although not legally within scope of the regulation, we expect a small minority of European banks to require SCA for all payments with their cards regardless of where the business is based. If you’re based outside of Europe but a large portion of your sales are to European customers, we recommend preparing for SCA to minimize the risk of any payment being declined.
The following table describes SCA’s impact on a given payment between a business and a customer:
|Customer from the EEA||Customer from outside the EEA|
|Business based in the EEA||Impacted||Not impacted|
|Business based outside the EEA||Moderate impact (small minority of issuers may request authentication)||Not impacted|
Preparing for SCA
Stripe has prepared pre-built and customizable solutions to help you prepare for SCA. You will need to update your integration to support 3D Secure 2 before September 14, 2019.
Use Stripe’s new Checkout, a pre-built, Stripe-hosted checkout flow that automatically handles SCA requirements for you. Checkout is customizable and lets you accept payments for one-time purchases and subscriptions on your website.
For businesses accepting recurring payments, Stripe Billing identifies which subscription charges require authentication and sends customizable emails to subscribers when additional authentication is needed.
|Billing SCA Migration Guide coming soon|
We recommend using Checkout or Billing because it will require the least amount of work from you going forward. Since Stripe manages the end-to-end experience, we can update your integration to prepare for future regulations with minimal changes required by you.
Alternatively, customize the checkout experience with the new PaymentIntents API along with Elements, Stripe.js, and the iOS/Android SDKs. Read our SCA Migration Guide for PaymentIntents API to learn more.
Upgrade your integration as soon as possible to ensure you’re ready by the deadline. Integrations that are not SCA-ready, such as ones that use the Charges API, will start seeing high rates of declines on September 14, 2019.