Are you ready for Strong Customer Authentication?

Strong Customer Authentication (SCA) comes into force on 14th September. This will affect everyone who makes or takes payments online. These European regulations aim to reduce fraud and to make online payments more secure. You may already be aware of the regulations as all card suppliers have been recommending that you register a mobile phone number with them. When the new regulation comes in, once you have supplied your card details, the card provider will send you a verification code in order to complete the transaction.

Will this affect my business?

If you are selling online and accept online payments, these will be subject to SCA regulations. Whether you need to take any action will depend on how you are processing transactions. A typical setup uses WordPress with a plugin such as WooCommerce to manage the online shop. This plugin will use a gateway to process the purchase. While PayPal is probably the most commonly used, there are also gateways such as Stripe and WorldPay. Some vendors will use gateways provided by their bank. A few will process payments on the website.

Do I need to do anything?

First of all, check that the software you are using will be compliant by 14th September. The software website should have a statement about SCA. For example, the Paid Membership Pro team has stated that they will be compliant by the deadline. WooCommerce has a list of compliant gateways here but note that you may be using a third party gateway, in which case you need to check with them.

If you use PayPal to host your payments, they will be rolling out upgrades so you do not need to take any action. Note that you will need to check further if you are taking payments on your site with PayPal Direct.

The major vendors have been working on upgrading their software to ensure compliance for some time now. They will be rolling out software updates which comply with the new regulations (if they have not already). You need to make sure that these updates are applied to your site to ensure compliance.

If you are using bespoke software, you will need to speak to your supplier. If the software is not updated, you risk alienating your users and losing your sales.

Some vendors, including Stripe, have asked their customers to confirm what platforms and software they are using. If you do get such an email, do not ignore it!

Your action list

  • Find out what software and gateways your site is using.
  • Check whether it is going to be compliant by the deadline.
  • Ensure that updates are completed in good time.
  • Make sure you respond to any vendor questions in good time.
  • If you are using unsupported or non-compliant software, now is the time to change!

If you are using a web developer to manage your site, speak to them and they will be able to advise.