Posted Aug 15, 2019 by Qetzal, Head of Product

How to Prepare for the PSD2 Strong Customer Authentication Regulation (09/2019)

Beginning September 14, 2019, some banks will be declining online payments that are not protected by additional authentication.

Strong Customer Authentication (SCA) is a new legal requirement from the European Union. It comes into force in September as part of the Revised Directive on Payment Services (PSD2). PSD2 is aimed at fighting fraud and making online transactions more secure.

As an online store owner who accepts credit cards or bank transfers online, you’ll need to prepare for this change to provide a frictionless checkout flow for your customers. To make things a little easier, we’ve summarized everything you need to know in this quick article.


What Strong Customer Authentication Means

Each time you pay for something online, you confirm your identity in a process known as “authentication.” Just like having a key to your front door protects your home from trespassers, authentication protects your money from fraudsters online.

There are three ways (or authentication factors) to prove your identity:

  • Knowledge: a secret that only you know (a PIN, a password, an old girlfriend’s birthday);
  • Ownership: a physical object in your possession (ID, credit card, mobile phone);
  • Inherence: a physical feature unique to you (your fingerprint, signature, Face ID, or voice).

Strong Customer Authentication (SCA) requires anyone processing online payments to add an extra step to verify a customer’s identity when they pay with credit cards or bank transfers online. So instead of a single form of authentication, shoppers will be asked to provide two authentication factors from the list above. The exact method (for example, entering a one-time code) will be chosen by the cardholder’s bank.

How to Prepare for SCA with Ecwid

Responsibility to comply with SCA is mostly on your payment gateway. Your chosen payment gateway will be required to implement an extra authentication step for credit card payments in order to do business in the EU.

However, if your payment gateway chooses not to comply with SCA requirements, some credit card payments in your online store can be declined, resulting in lower conversion rates and lost sales. So while the responsibility is on the payment gateway, you may still feel the consequences.

But SCA doesn’t affect every merchant under the sun. What you need to be prepared depends on where you sell and how you get paid.

I’m not from the EU 

If you’re not from, or doing business in, the EU, SCA won’t affect you.

However, if your bank is not in Europe but your customer’s is, SCA may still apply. The final decision is up to the cardholder’s bank. So some European issuing banks will require SCA when the payment recipient is outside of Europe, while others may not.

If you’re from the US or another non-EU country, but have customers from Europe, it’s a good idea to offer an SCA-compliant payment method anyway to avoid credit card payments being declined. In this case, read the instructions for EU merchants below to learn how to prepare for SCA.

I’m from the EU

SCA applies to you if both your customers and your banks are located in Europe, but your action beyond that depends on how you get paid for your orders.

I accept credit cards. You’ve got the lucky ticket. SCA applies specifically to credit cards and bank transfers. So it’s important that you make sure your payment gateway is SCA-compliant:

  • If you accept credit cards online with Stripe or Square, we’ve automatically taken care of SCA compliance updates for you — just make sure you use Ecwid’s one-page checkout, the latest and most optimized checkout page for your Ecwid store.
  • If you use other online payment options to accept credit cards or bank transfers (for example, Authorize.Net, 2Checkout), contact your payment gateway support team to confirm their compliance with SCA. If your payment gateway redirects customers to their website to complete transactions (such as Authorize.Net), adjustments will need to be made on the gateway-side according to the new SCA standard. If your payment gateway doesn’t have plans to comply with new SCA requirements, consider adding other payment options to your store. Selling with Ecwid E-commerce gives you access to over 50 payment options for accepting payments online and in-person.

I don’t accept credit cards. If you only accept payments in cash or by other offline methods, you’re off the hook! SCA only applies to online payment methods in this scenario.

I’m from the UK

If you live in the UK, SCA applies to you. Even if the UK is out of the EU, SCA will still apply to UK citizens.

But there’s good news: the UK has extended the compliance deadline, so you have over a year to meet the new requirements.

Over to You

Although SCA doesn’t legally require merchants to comply, it’s strategic to do so for two reasons:

  • To be sure you’re not losing customers over transaction failures after September 14.
  • To offer additional security for your customers during checkout with SCA-compliant payment gateways.

Take a couple of minutes to review your connected payment options — and let us know if we can help!

Subscribe to the Ecwid blog to get more updates on SCA and other vital industry news and e-commerce tips.

About the author
Qetzal is Head of Product at Ecwid. He loves to create new things to make people's lives easier.