Posted by Michael Nelson
The Event Espresso Stripe Add-on 1.1.4 update will add compliance with Strong Customer Authentication (SCA), a new requirement of Europe’s second Payment Services Directive (PSD2). If you accept payments from European customers with Stripe, we recommend that you update and switch to using Stripe Elements before September 19th, when PSD2 comes into enforcement.
European regulators are at it again with PSD2. It adds SCA, which is a set of requirements designed to reduce fraud by requiring customers to provide 2 of the following things:
Stripe has a good summary of PSD2 and SCA. Speaking of Stripe…
Stripe has added support for SCA through Stripe Elements (and accompanying technologies like Stripe JS and Payment Intents), which primarily add 3D Secure authentication.
Stripe Elements adds special form inputs that send the sensitive credit card information directly to Stripe’s PCI-compliant server, so it never touches your server. Then, based on factors like the customer’s location and bank, Stripe will show a pop-up on behalf of the customer’s bank to verify the customer’s identity before approving the payment.
With Stripe Elements, your customers never leave your website, even though card processing happens entirely on Stripe’s servers and 3D Secure authentication happens through their bank. That means, with regard to PCI compliance, your website will be at the least strict level, SAQ-A.
The Event Espresso Stripe Add-on now supports two different types of integrations: the new Stripe Elements, and the legacy Stripe Checkout.
When you update to 1.1.4, you will continue to use the legacy Stripe Checkout so that initially nothing will change for you or your customers. However, because the legacy Stripe Checkout does not comply with SCA, your European customers might not be able to pay with it.
For that reason, it is recommended you switch to the new Stripe Elements, which complies with SCA.
Stripe Checkout and Stripe Elements use the same credentials, so you can change between them easily by just changing a single setting in Event Espresso Stripe Payment Method’s settings. (And if you use Payment Methods Pro, you could even have Stripe Elements active on some events, and Stripe Checkout active on others.)
The only possible hurdle to using Stripe Elements is that it requires your website to use HTTPS. That’s not because your website will handle any sensitive credit card information. It’s because Stripe Elements’ special credit card inputs are served over HTTPS, and if the rest of your site is using HTTP, web browsers (like Chrome or Firefox) will give visitors warnings. So please make sure your website’s address starts with HTTPS. Our users’ favourite hosting companies, like SiteGround, make your site HTTPS for free.
If you don’t want to accept payments from European customers, or you’re unable to switch your site to HTTPS right away, you can continue to use the Stripe payment method’s “legacy Stripe Checkout” for now. Just realize it may be discontinued (a.k.a. deprecated) in the near future.
Do you have European customers but use another payment method?
Off-site payment methods, like PayPal Express and PayPal Smart Buttons, added compliance for SCA from their end, so no update was needed. Other on-site payment methods, like PayPal Pro and Authorize.net AIM, will need updating. Your support license contributions are supporting our developers, who are working on those as we speak. Please stay tuned!
Thank you for using Event Espresso and trusting us with your events.
Please comment if you have questions or suggestions.
Note: this post does include an affiliate link to our customers’ favorite hosting company and a few internal links too.