Strong Customer Authentication
Learn how the Strong Customer Authentication regulation affects your business and how to update your integration to prepare for it.
Strong Customer Authentication (SCA), a new rule coming into effect on September 14, 2019, as part of PSD2 regulation in Europe, will require changes to how your European customers authenticate online payments. Card payments will require a different user experience, namely 3D Secure, in order to meet SCA requirements. Transactions that don’t follow the new authentication guidelines may be declined by your customers’ banks.
To prepare for SCA, you should:
- Determine if your business is impacted
- Decide which one of our new SCA-ready products is right for your business
- Make changes before September 14, 2019, to avoid declined payments
Impacted businesses and payments
Prepare for SCA and update your Stripe integration if all of the following apply:
- Your business is based in the European Economic AreaThe European Economic Area is a regional single market with free movement of labor, goods, and capital. It encompasses the European Union member states and three additional states that are part of the European Free Trade Association. (EEA) or you create payments on behalf of connected accounts based in the EEA
- You serve customers in the EEA
- You accept cards (credit or debit)
While some low-risk transactions will not require authentication, banks can choose to not honor these exemptionsSome transactions that are deemed low risk, based on the volume of fraud rates associated with the payment provider or bank, may be exempt from Europe’s Strong Customer Authentication requirements. and request that the customer complete authentication. Even if you’re primarily processing low-risk transactions, update your integration so your customers can complete authentication when requested by the bank. Stripe’s new products and APIs help you claim these exemptions and maximize conversion by only requesting authentication when absolutely necessary.
SCA-ready products and APIs
Stripe provides pre-built and customizable solutions to help you prepare for SCA. Integrations that are not SCA-ready, like ones using the Charges API, will start seeing high rates of declines on September 14, 2019. Update your integration to support 3D Secure 2 before September 14, 2019.
Whether you collect one-time payments or save cards for later reuse, Stripe has SCA-ready products that let us update your integration for future regulations, with minimal changes required by you.
One-time payments
Accept card payments with the Payment Intents API and Stripe’s new version of Checkout—a pre-built, Stripe-hosted checkout flow that automatically handles SCA requirements for you. Checkout is customizable and lets you accept payments for one-time purchases and subscriptions on your website.
Reusing cards
Save a card for later reuse with Stripe's new Payment Intents and Setup Intents APIs. You can also use Checkout—a pre-built, Stripe-hosted checkout flow—to automatically handle SCA requirements, or use Stripe Billing to handle SCA for more complex subscription models.
Read the SCA Migration Guide to learn more about which products are best suited for you. For specific product recommendations based on common business scenarios, check out the SCA Payment Flows Guide.