
An Important Note about Secure Customer Authentication

On the 14th of September a new EU-wide directive will come into force regulating online transactions inside the EU. Basically, Secure Customer Authentication, or SCA, will require two-factor authentication for online transactions. This means that any online store has to support this in order to continue to take orders. This store is already set up for this, and it may already be in effect.

So what does this mean?

Basically, when you go to check out, at the payment stage, your bank will require an additional layer of authentication in order to authorise the payment. This can be anything from a code the bank texts to you, to authentication through a smartphone app. An example of this that has been in place for some time is 3D Secure.

This takes place between you and your bank and is provided by your credit or debit card provider. The authentication is not actually directly part of this store, but rather comes from your payment provider, and is handled by the payment processors that I use on the site, which are Stripe and PayPal. The stated idea of this is to make payments more secure and reduce fraud.

While I appreciate that many people will be frustrated by an additional layer of interaction when making a purchase, it is completely out of my hands. It is required by law, and is done at the payment processor stage, not by the website. However, to add a wrinkle to this, some payments are exempt and some will be automatically allowed, so the user experience may well be different depending on your bank and the cost of the order. Orders below €30 may be exempt, and in this case you shouldn’t see any difference, but this is up to the payment providers to decide. It’s important to note that this isn’t just for my store, or similar stores; it’s for any online transaction inside the EU.

The upshot of all this is that if you’re purchasing from this store, you may get an additional pop-up from your bank at the payment stage. Your own bank should have details of this too. If you are outside the EU it is unclear how this will affect you. It is supposed to affect users whenever one end of a transaction is in the EU; however, with PayPal it’s not clear, as they may consider PayPal one end of the transaction. Critics of this new law are concerned that it will affect online sales in Europe, and I can understand the concern. I am curious to see if it has a majorly negative effect on my sales.

I do apologise for the extra hassle, although, as I said, it’s out of my hands. I regularly get people complaining at even having to enter the standard legally required information, so I assume the same people will be extra frustrated at this. While this is currently an EU thing, it should be noted that several other countries outside the EU are considering similar legislation.

For more information, here is a good article from Visa explaining what SCA is and how it will affect you.
