Strong Customer Authentication
Learn about how SCA can affect you if you process payments within the European Union
In September 2019, Strong Customer Authentication (SCA), a new regulation for authenticating online payments, will be rolled out across Europe, as part of the Second Payment Services Directive (PDS2).
One of the key aims of SCA is to reduce the incidence of payer fraud and increase security, by introducing two-factor authentication on electronic payments.
SCA comes into force on 14 September 2019, and will affect any applicable transaction for businesses whose payment service provider is located within the European Economic Area (EEA) and whose customer's bank or card provider is also located within the EEA. If only one of those parties is located within the EEA, the requirement is for them to still use 'best efforts' to apply SCA.
What providers support SCA?
If the SCA regulation applies to you, you must make sure you use a SCA compatible payment provider. These are currently the following ones:
Adyen
Barclaycard Smartpay
Checkout.com
Credorax
Stripe Payment Intents
WorldPay
Updating your account to use SCA.
If you are using one of the gateways above already, you will need to update your template files to take advantage of the SCA integration. To do this follow these simple steps:
Updating your Template Files
Log in to your Nexudus account at platform.nexudus.com.
Go to Settings > Website > Templates > Open Template Files: https://platform.nexudus.com/templates
Select the payment_scripts.htm file and click Update
Select the payment_history.htm and click Update
Using Stripe? If you are using Stripe you have to change from the "Stripe" payment gateway type to the "Stripe Payment Intents" gateway type. See below for more details.
Configuring Stripe
If you are using Stripe as your payment gateway, you will need to make some changes in your account to take advantage of SCA.
Create a webhook in Stripe
Log in to your Stripe account.
Go to Developers > Webhooks: https://dashboard.stripe.com/webhooks
In the section Endpoints receiving events from your account click Add Endpoint.
In the URL type https://core.spreedly.com/stripe/webhooks
Select the following events: payment_intent.succeeded payment_intent.payment_failed payment_intent.amount_capturable_updated
Click Add endpoint.
Once the list updates, click on the new endpoint to see its details.
In the URL of the page, copy the Id of the webhook. It starts with "we_", for example we_1FHtDTKn0mu1dsAxqEMGG8eS. You will need this later.
Click on Click to reveal in the Signing secret section. Copy and save the secret. You will need this later.
Once you have completed your testing of the new payment method, you can delete the old Stripe payment gateway.
Configuring your Nexudus Payment Method
Log in to your Nexudus account at platform.nexudus.com.
Go to Settings > Payments > Payment Methods: https://platform.nexudus.com/settings/payments/paymentmethods
Search for "Stripe Payment Intents" and click on it.
Type your Stripe Secret Key in the Login field.
Type the Webhook Id you copied from the URL earlier in the Webhook Id field.
Type Signing Secret you copied earlier in the Webhook Signing Secret field.
Click Save changes.
Updating your Template Files
Log in to your Nexudus account at platform.nexudus.com.
Go to Settings > Website > Templates > Open Template Files: https://platform.nexudus.com/templates
Select the payment_scripts.htm file and click Update
Select the payment_history.htm and click Update
Select the gateway_payment_form.htm and click Update
SCA outside of EU
For customer who want to use the latest Stripe integration but are not located in the EU will need to disable 3D secure.
In Settings-> Website-> Templates look for payment_script.html and remove line 71 and 72.
Last updated