Strong Customer Authenitcation – What Is It?
If you run an online shop you use a payment processor to handle credit card transactions. Companies like Stripe, Global Payments or Sage Pay are popular options but there are many more in the market. Regardless of which provider you use, you will (or should) have been receiving updates from them with regard to changes in how credit card transactions are going to be handled.
Strong Customer Authentication, sometimes referred to as 3D Secure adds an additional layer of security to a credit card transaction to cut down on the level of credit card fraud. In the past this extra authentication came in the form of additional security questions about your credit card limit or billing details and if we are honest it caused a lot of frustration for the end user. This frustration and the inevitable drop in sales meant that many online retailers chose to forgo the more secure option in exchange for a simpler shopping experience for their customers.
The freedom to be less secure or simpler has already come to an end for some customers, but from December 31st, 2020 it will come to an end for all customers. Card processors will no longer accept payments that do not use SCA.
On the upside the methodology for Strong Customer Authentication was upgraded back in 2018 to make it simpler for customers. Most of us are now all too familiar with the text message from our bank asking us to enter an additional code or confirm a transaction.
On the downside many payment providers have only just released their updated documentation and APIs for those customers using built in payment pages. This has left scant time for ecommerce sites to upgrade.
The original deadline for SCA2 compliance was September 2019 but this was pushed back at the last minute until the end of 2020. This gave sufficient time for processors to adapt but many have left the push for compliance on their API processes until the last quarter of the year which coincides with the busiest time of year for retailers and means that many will realise too late that they needed to act.
Stripe pushed the mandatory change back in September 2019. So, if you use Stripe, PayPal, or a Hosted Payment Page (HPP) you are not at risk. However, if you are using another provider via remote payment process, then you need to make sure you are up to date. New Year’s Day is a terrible time to discover your site will no longer takes payments.
Some simple steps you can take now to avoid calamity:
1 – Identify what company processes your credit card payments (if you do not know check with your web developers)
2 – Contact them and ask if your payment process is compatible with SCA2 (if possible, get that in writing)
3 – If they advise that you need to upgrade contact your web design company and ask them to take the required steps.
Given the incredible upsurge in demand for web development, particularly in the ecommerce space you may find that your provider will not be able to make the upgrades in time to meet the deadline and if that is the case you should look at having a backup. Adding a compliant processor like Stripe or PayPal, even as a short-term measure will give you the time and space to get the updates done without impacting the website sales.
As always Dmac Media are on hand to help if SCA is causing you issues so just contact us here if you need to talk.