Strong Customer Authentication (For Stripe & Braintree – Europe)
6Storage is SCA Ready!
As part of the second Payment Services Directive (PSD2), Strong Customer Authentication (SCA) is the new European regulatory requirement to reduce fraud and further secure online payments.
SCA is applied to customer-initiated online payments within Europe. This means transactions where both the business and the cardholder’s bank are located in the European Economic Area (EEA).
Recurring direct debits are considered merchant-initiated and do not require strong authentication.
In-person card payments do not require SCA either.
Compared to the existing authentication method, which relies on 3D Secure, the new authentication (3D Secure 2) delivers a better user experience, minimizing the friction that authentication adds to the checkout flow.
SCA requires at least 2 of the following authentication methods:
Something the customer knows (e.g., PIN or password)
Something the customer has (e.g., phone or hardware token)
Something the customer is (e.g., fingerprint or face recognition)
Exemptions To SCA
Specific types of low-risk transactions may be exempted from SCA. While there are a few more exemption types, only fixed-amount subscriptions and merchant-initiated transactions are discussed here.
Fixed Amount Subscriptions
When the customer makes a series of recurring payments for the same amount to the same business, SCA will only be required for the customer’s first payment, and subsequent charges may be exempted from SCA.
Merchant Initiated Transactions
Payments made with saved cards where the customer is not present in the checkout flow are exempted from SCA. However, it depends on the bank whether authentication is needed for the transaction.
During the first payment or when the card is being saved, you’ll have to authenticate the card. Then you’ll need to get an agreement from the customer to charge their card at a later point.
If an Exemption Fails
Note: the cardholder’s bank decides whether or not to accept an exemption.
Under a failed exemption scenario (for Stripe payments), payments will be resubmitted to the customer with a request for SCA. Because 6Storage is SCA-ready, it will automatically trigger the extra authentication when banks need it.
How SCA Works on 6Storage
After you enter the credit card details, the Stripe platform will detect whether authentication is needed. If required, Stripe will authenticate the customer using a one-time passcode or biometric ID (depending on the bank).
Once the customer’s identity has been confirmed through SCA, the card will be charged.