Do I need to support SCA for my users?
Businesses in the European Economic AreaThe European Economic Area is a regional single market with free movement of labor, goods, and capital. It encompasses the European Union member states and three additional states that are part of the European Free Trade Association. (EEA) accepting online payments from customers in the EEA will require a different user experience, namely 3D Secure3D Secure provides an additional layer of authentication for credit card transactions that protects merchants from liability for fraudulent card payments. During a transaction that incorporates the 3D Secure authorization process, the customer is prompted to supply a separate password or code to validate their purchase.. Transactions that don’t follow the new authentication guidelines may be declined by a customer’s bank, starting on September 14th, 2019. This additional layer of authentication requires migrating to SCA-ready solutions like the new version of Checkout or the Payment Intents APIThe Payment Intents API is a new way to build dynamic payment flows. It tracks the lifecycle of a customer checkout flow and triggers additional authentication steps when required by regulatory mandates, custom Radar fraud rules, or redirect-based payment methods., described in Step 2.
Step 1: Identify your plugin on our platform
Plugins and third-party libraries should include identifying information so we can contact you about future changes or critical updates to the API. You should use the setAppInfo function to provide those details in your Stripe integration.
We encourage you to join the Stripe Partner Program, which includes free registration and more resources for developers building plugins and libraries. You can learn more about our suggested best practices in our documentation.
Step 2: Determine your integration path
- Choose Checkout when possible. Stripe’s new version of Checkout is a fully hosted payment page that can be branded by businesses, supports recurring subscriptions, and is the easiest way to provide SCA support to your users.
- If you need control over your checkout experience, use the Payment Intents API. It works with Elements, our customizable UI components for payment flows, and other Stripe APIs like PaymentMethods, Customers, and Connect. The Payment Intents API will automatically display authentication flows like 3D Secure 2 and ensure your integration is SCA-ready. You can also choose between an asynchronous API that requires the use of webhooks, and a synchronous API that is simpler for card-only integrations.
- You should programmatically subscribe your user to webhooks. You can register a webhook endpoint for your account or connected accounts and manage them via the Webhooks API, simplifying setup for your users.
If none of these options work for your integration, please let us know.
Step 3: Test dynamic authentication
After you have finished implementing the new integration path, configure your Dynamic 3D Secure Radar rules to test your integration using 3D Secure test cards. Make sure to test both cases when the authentication is successful and unsuccessful.
Step 4: Notify your users and Stripe
We recommend releasing an update for your users: you can inform them that your payments solution is SCA-ready for customers in the EEA. You can share our guide to Strong Customer Authentication with your users to help them understand these regulatory changes. When you’ve released an SCA-ready update, please let us know as well.