As a part of the second Payment Service Directive (PSD2) regulation, a new rule named Strong Customer Authentication (SCA) has been introduced in Europe for ensuring secure online payment transactions. The regulation demands to have a two-way authentication for all the online payment transactions. Transactions that fail to meet the SCA authentication parameters may be declined by the concerned banks.
In order to ensure SCA compliance for online payments, you will have to implement an additional authentication in the checkout flow. To comply with the SCA requirement, the customer’s identity has to be verified using at least two of the following:
- Something the user KNOWS (e.g. password, pin)
- Something the user HAS (e.g. ID card, mobile phone)
- Something the user IS (e.g. biometrics)
For businesses like an eCommerce store where the customer is charged during checkout, the SCA authentication can be done during the purchase. With SCA, customers will be made to re-authenticate the purchases with a stored card by returning to a website or app. This may be tough for the business systems to manage, frustrated for customers to deal with eventually making the checkout a complicated process. This aside, the authentication procedure may also vary depending on the different localities, the bank involved and the cards network.
WooCommerce Stripe Payment Gateway is equipped to handle all these hassles effortlessly. We ensure that your customer has to go through all these authentications only if truly necessary. And when the customer does need to authenticate, it is done with reliable technologies like biometric ID and 3D secure2.
How SCA changes checkout workflow?
The checkout with SCA compliance may require you to have an additional authentication step(dynamic authentication) in the checkout workflow.
- Payment initiation
To initiate a payment, the customer will have to enter the card details and complete the checkout form.
- Prompt dynamic authentication
The stripe platform may check the necessity for authentication. If authentication is required, depending upon the bank, it uses the 3Dsecure2 to initiate a one-time passcode or biometric ID.
- Payment completion
Once the authentication is successful, the payment will be completed.