Stripe Update: Strong Customer Authentication (SCA) Support
Upcoming regulations for European customers require Strong Customer Authentication (SCA) for qualifying online transactions. In preparation for the new programs, Formsite has updated its Stripe payment integration to the SCA-ready version.
Strong Customer Authentication is a European program to help make online payments more secure. As part of the second Payment Services Directive (PSD2), SCA requires extra info to complete payments.
Like 2-factor authentication, SCA requires 2 of 3 of the following:
- Something the customer knows (password, PIN, etc.)
- Something the customer has (device)
- Something the customer is (fingerprint)
When is Strong Customer Authentication required?
SCA applies to transactions where both the business and the cardholder’s bank are located in the European Economic Area (EEA).
The new Formsite Stripe integration is SCA-ready but currently still optional. The current deadline for implementing SCA is December 31, 2021. That deadline has moved back a couple of times, though, so it may move again before that date.
Since the requirements are still optional, many organizations haven’t implemented SCA yet. Making the change to the integration now lets Stripe update the SCA logic in real time. This strategy allows for taking into account each country’s enforcement timeline.
How has the integration changed?
The classic Stripe integration displayed a small modal window on the Formsite Order Review page. The new Stripe integration takes the customer to Stripe to pay, then returns them to the Success Page.
One of the essential benefits of the new integration keeps the process invisible for form owners and customers. Stripe uses specific metrics for when to collect authentication for maximum ease of use. Formsite combines SCA with PCI compliance to provide form owners with peace of mind. Using Stripe to collect the credit card information securely prevents the card information from accidental mishaps.
The Stripe integration settings page remains identical to the previous version. The ‘test’ and ‘live’ API codes are still supported by Stripe and allows for testing the process. See the support page for details about setting up and using the Stripe integration.