Beginning September 14, 2019, some banks will be declining online payments that are not protected by additional authentication.
Strong Customer Authentication (SCA) is a new legal requirement from the European Union. It comes into force in September as part of the Revised Directive on Payment Services. PSD2 is aimed at fighting fraud and making online transactions more secure.
As an online store owner who accepts credit cards or bank transfers online, you’ll need to prepare for this change to provide a frictionless checkout flow for your customers. To make things a little easier, we’ve summarized everything you need to know in this quick article.
What Strong Customer Authentication Means
Each time you pay for something online, you confirm your identity in a process known as authentication. Just like having a key to your front door protects your home from trespassers, authentication protects your money from fraudlers online.
There are three ways (or authentication factors) to prove your identity:
- Knowledge: a secret that only you know (a PIN, a password, an old girlfriend’s birthday);
- Ownership: a physical object in your possession (ID, credit card, mobile phone);
- Inherence: a physical feature unique to you (your fingerprint, signature, Face ID, or voice.)
Strong Customer Authentication (SCA) requires anyone processing online payments to require an extra step to verify a customer’s identity when they pay with credit cards or bank transfers online. So instead of a single form of authentication, shoppers will be asked to provide two authentication factors from the list above. The exact method (for example, entering a
How to Prepare for SCA with Ecwid
Responsibility to comply with SCA is mostly on your payment gateway. Your chosen payment gateway will be required to implement an extra authentication step for credit card payments in order to do business in the EU.
However, if your payment gateway chooses not to comply with SCA requirements, some credit card payments in your online store can be declined, resulting in lower conversion rates and lost sales. So while the responsibility is on the payment gateway, you may still feel the consequences.
But SCA doesn’t affect every merchant under the sun. What you need to be prepared depends on where you sell and how you get paid.
I’m not from the EU
If you’re not from — or doing business in
However, if your bank is not in Europe but your customer’s is, SCA may still apply. The final decision is up to the cardholder’s bank. So some European issuing banks will require SCA when the payment recipient is outside of Europe, while others may not.
If you’re from the US or another
I’m from the EU
SCA applies to you if both your customers and your banks are located in Europe, but your action beyond that depends on how you get paid for your orders.
I accept credit cards. You’ve got the lucky ticket. SCA applies specifically to credit cards and bank transfers. So it’s important that you make sure your payment gateway is
- If you accept credit cards online with Stripe or Square, we’ve automatically taken care of SCA compliance updates for you — just make sure you use Ecwid’s
one-pagecheckout, the latest and most optimized checkout page for your Ecwid store.
- If you use other online payment options to accept credit cards or bank transfers (for example, Authorize.Net, 2Checkout), contact your payment gateway support team to сonfirm their compliance with SCA. If your payment gateway redirects customers to their website to complete transactions (such as Authorize.Net), adjustments will need to be made on the
gateway-sideaccording to the new SCA standard. If your payment gateway doesn’t have plans to comply with new SCA requirements, consider adding other payment options to your store. Selling with Ecwid E-commercegives you access to over 50 payment options for accepting payments online and in-person.
I don’t accept credit cards. If you only accept payments in cash or by other offline methods, you’re off the hook! SCA only applies to online payment methods in this scenario.
I’m from the UK
If you live in the UK, SCA applies to you. Even if the UK is out of EU, SCA will still apply to the UK citizens.
But there’s good news: the UK has extended the compliance deadline, so you have over a year to meet the new requirements.
Over to You
Although SCA doesn’t legally require merchants to comply, it’s strategic to do so for two reasons:
- To be sure you’re not losing customers over transaction failures after September 14.
- To offer additional security for your customers during checkout with
Take a couple minutes to revise your connected payment options — and let us know if we can help!
Subscribe to the Ecwid blog to get more updates on SCA and other vital industry news and