The new SCA (Strong Customer Authentication) regulations have now arrived. We have updated our checkout workflow to incorporate the SCA process in order to comply with the new regulations.
Thrinacia Atlas Changelog – 2021-01-21
What is SCA and who is enforcing this?
SCA stands for Strong Customer Authentication and is a new European regulatory requirement designed to reduce fraud for online payments. According to Stripe, this new workflow must involve at least two of the following 3 elements:
- Something the customer knows – This could be a password or a PIN number.
- Something the customer has – This could be phone or other hardware.
- Something the customer is – This could be a fingerprint or technology using face recognition.
If requested by the issuing bank, customer is required to use some of the elements above in the checkout process to verify their identity before making the purchase online.
The date for enforcement has now been reached. If you are part of the regions that will be affected, you may have received an email from Stripe as a reminder about the new regulations. If you are unsure about enforcement dates or regions affected, you can view the enforcement dates here.
SCA workflow on Thrinacia Atlas Web UI
Now that you are familiar with SCA, how is this going to work on the Atlas platform?
We have sent an automatic update to include the following workflow when using a credit card for a user that would require Strong Customer Authentication due to their bank or credit card issuer.
The user must first enter the credit card information and click the pledge button as they normally would to initiate the process.
After clicking the pledge button, the user will be prompted with the following.
A different workflow may be presented when using Live mode for payment processing. The user must follow the steps as instructed in the popup provided by Stripe. Once authenticated, the transaction is now complete and secure as per the SCA regulations.
If you are running an All or Nothing campaign with post processing charges enabled, the process may be a bit different. Once you have made the contribution, the campaign must reach the end date before charging the backers.
At this point, if the backer that made the purchase with a credit card that requires SCA confirmation for payment, that backer will receive an email stating that the pledge was unsuccessful and will need to confirm it. Inside the email, there will be a link that asks if the user would still like to contribute to the campaign and if so, they can click on a link. This link will bring the user to the following page:
The Backer will have the option to Authenticate with the card they used or try with a new card. Once they click on the pledge button, they will be prompted to authenticate using the new SCA workflow.
This feature is not something you can turn ON or OFF. It is enabled automatically from now and it is enforced only for those card holders that are affected.
Feel free to ask us any questions you may have on our Discord chat, and follow our weekly updates on our blog.