3DS2 Compliance - Strong Customer Authentication (SCA)

On 14 September 2019, Europe will be subject to new requirements for authenticating online payments, under the second Payment Services Directive (PSD2). These new requirements come in the form of Strong Customer Authentication (SCA), which adds additional levels of authentication to the transactions between buyers and merchants within the European Economic Area (EEA). With this, the PSD2 aims to increasingly protect both buyers and merchants against fraud whilst maintaining a frictionless shopping experience.

This article provides an overview of what the SCA is, and if and how it influences your customers' transactions for payments through your Lodgify checkout.

💡Note: As of September 14th 2019, this new regulation only applies to EEA buyers purchasing from EEA merchants. However, this regulation is expected to be effective worldwide as of 2020.

Read about:

What is SCA

SCA stands for Strong Customer Authentication. Through this, online transactions become safer, as the buyer may be requested to provide additional authentication when making an online transaction such as an online booking. This authentication always includes at least two of the three options:

Authentication.png

Should a buyer not be able to complete all requested authentications within 15 minutes, the bank will decline the payment. 

 

When is SCA required

Whenever both the cardholder and the business' bank are located in the European Economic Area (EEA), the buyer's credit card issuing bank may challenge the transaction by initiating the SCA. The buyer is then simply asked to provide further authentication. 

However, this does not apply to all transactions. For repeat transactions within one purchase (for example if your payment schedule dictates multiple payment moments): only the initial transaction may be challenged.

 

How to comply with 3DS2's Strong Customer Authentication

The Lodgify integrations with Stripe and Payyo ensure compliance for customers who have the country within their Billing information being set to a country within the European Economic Area. If you are currently using these gateways, you do not need to take any action.

💡Note: Customers within the European Economic Area (as per the country set in their Billing information), will no longer be able to use or connect to Authorize.net or Braintree.

You do not need to take any action if:

  • Your bank account receiving your booking payments is within the European Economic Area.
  • The country set in your Billing information is set to a country within the European Economic Area.
  • You are using either Stripe or Payyo.

You do need to take action if:

  • Your bank account receiving your booking payments is within the European Economic Area.
  • The country set in your Billing information is set to a country within the European Economic Area.
  • You are using Authorize.net or Braintree.
Was this helpful?
3 out of 4 found this helpful