Ecwid and SCA (Strong Customer Authentication)
On September 14, 2019 a new regulation for online payments called Strong Customer Authentication (SCA) took effect in Europe. It’s aimed at reducing fraud and providing more security for online payments.
As a store owner selling to customers in Europe and accepting credit cards or bank transfers online, you should prepare your store in order to be ready for SCA so that you could continue accepting payments with no disruptions. In this article, we explain what SCA is and what you can do to get ready for it.
Strong Customer Authentication is a part of the second Payment Services Directive (PSD2) which was created to make online payments safer and more secure. SCA adds an extra step to the payment process where customers further authenticate their identity in order to complete the payment.
Strong Customer Authentication applies if the banks of the buyer and the seller are both located in the European Economic Area. It may also apply if only a buyer’s bank is in Europe. The final solution whether to apply SCA is made by the issuing bank. So, even if your store is not in Europe but you sell to European customers, we recommend that you should get ready for SCA. This will help you avoid transactions being declined when SCA comes into force.
On the buyer’s side, the payment process with SCA will involve the following steps: the buyer will check out in your store and then proceed to the payment step. Once on the payment step, the buyer will enter their card details as usual, but then must pass an extra step to authenticate their identity.
The authentication method is set by the card issuing bank. For example, it could include a one-time code sent to a mobile phone or a fingerprint in the bank’s mobile app.
Once this step has been passed the transaction will be processed. If the bank requires SCA but SCA authentication is not asked for nor completed during the payment, the transaction will be declined by the bank.
The preparation for SCA lies mostly on the payment gateways. They should adapt to this new regulation to allow buyers to pass the extra authentication step for online payments.
Yet there is also something you may do to make sure that your store will comply with SCA and you can keep accepting credit cards online from European customers flawlessly. Below we explain what you can do depending on where you sell and how you accept payments.
Stores outside the EU
SCA is the regulation to be applied in the EU zone. However, if you are not in the EU, but your customers are, the SCA may apply in this case as well.
The final decision whether to apply SCA when only customer’s bank is in EU is made by the card issuing bank. It’s better for you to be ready for SCA to be sure that EU customers can complete payments in your store. Keep reading to find out what you can do.
Stores in the EU
SCA will apply when both banks (yours and customer’s) are located in Europe. Depending on what payment methods you use, you can carry out different steps.
Stores accepting credit cards
- If you are using Stripe or Square in your store, we’ve made sure that your store is SCA compliant. You don’t need to worry about anything as long as you are using one-page checkout in your Ecwid store.
- Go to your Ecwid control panel → Settings → What’s new.
- Find the Next-gen Storefront or Next-gen Checkout Flow update and enable it. You will see one of these updates in your store depending on whether you are already using the next-gen design for other store pages.
- If you are using other payment methods like Authorize.Net, 2Checkout, etc., all the preparations should be done by the payment gateway as the whole payment process takes place on their website — customers are redirected from your store checkout to the gateway’s website.
Contact the support team of the payment gateway you use to find out whether they are going to comply with SCA.
Stores not accepting credit cards
If customers pay you in cash or with other offline payment methods, no actions from you are needed! SCA applies only to accepting credit cards online.