Event Espresso Stripe Add-On Adds PSD2 Compliance

The Event Espresso Stripe Add-on 1.1.4 update will add compliance with Strong Customer Authentication (SCA), a new requirement of Europe’s second Payment Services Directive (PSD2). If you accept payments from European customers with Stripe, we recommend that you update and switch to using Stripe Elements before September 19th, when PSD2 comes into enforcement.

Keep reading to find out what is changing in the Event Espresso Stripe add-on.

Your website does not operate in a vacuum. WordPress updates their code periodically, other plugins and themes change, and sometimes government policies change. You should update the software on your WordPress website often to keep it secure and have access to new features. The benefit of having an active support license for your Event Espresso plugins is that you have access to software updates and help that can keep your events up and running. This update for the Stripe add-on is another example of why you want to keep your support license active to have access to the software updates to the Stripe integration.

What are PSD2 and SCA?

European Regulators are at it again with PSD2. It adds SCA, which is a set of requirements designed to reduce fraud by requiring customers to provide 2 of the following things:

  • Something they know (e.g., password or PIN)
  • Something they have (e.g., a phone or token from an app like Google Authenticator)
  • Something they are (e.g., fingerprint or face recognition)

Stripe has a good summary of PSD2 and SCA. Speaking of Stripe…

How Does Event Espresso Stripe Add-on Add Compliance for PSD2?

Stripe has added support for SCA through Stripe Elements (and accompanying technologies like Stripe JS and Payment Intents), which primarily add 3D Secure authentication.

Stripe Elements adds special form inputs that send the sensitive credit card information directly to Stripe’s PCI-compliant servers, so it never touches your server. Then, based on factors like the customer’s location and bank, Stripe shows a pop-up on behalf of the customer’s bank to verify the customer’s identity before approving the payment.

With Stripe Elements, your customers never leave your website, even though card processing happens entirely on Stripe’s servers and 3D Secure authentication happens through their bank. That means, with regard to PCI compliance, your website will be at the least strict level, SAQ-A.

What is Changing in the Event Espresso Stripe Add-on?

The Event Espresso Stripe Add-on now supports two different types of integrations: the new Stripe Elements, and the legacy Stripe Checkout.

When you update to 1.1.4, you will continue to use the legacy Stripe Checkout so that initially nothing will change for you or your customers. However, because the legacy Stripe Checkout does not comply with SCA, your European customers might not be able to pay with it.

For that reason, it is recommended you switch to the new Stripe Elements, which complies with SCA.

Stripe Checkout and Stripe Elements use the same credentials, so you can change between them easily by just changing a single setting in Event Espresso Stripe Payment Method’s settings. (And if you use Payment Methods Pro, you could even have Stripe Elements active on some events, and Stripe Checkout active on others.)

The only possible hurdle to using Stripe Elements is that it requires your website to use HTTPS. That’s not because your website will handle any sensitive credit card information. It’s because Stripe Elements’ special credit card inputs are served over HTTPS, and if the rest of your site is using HTTP, web browsers (like Chrome or Firefox) will give visitors warnings. So please make sure your website’s address starts with HTTPS. Our users’ favourite hosting companies, like SiteGround, make your site HTTPS for free.

How Do I Prepare for PSD2?

  1. Upgrade your Event Espresso Stripe Add-on to 1.9.4 (aren’t you glad you have an active support license? If you don’t, get one here: https://eventespresso.com/pricing)
  2. Make sure your site is on HTTPS
  3. Switch your Stripe Payment Method’s integration to “Stripe Elements” through your WP-admin (WP dashboard) → Event Espresso → Payment Methods → Stripe, then change the “Integration Type” setting to “Stripe Elements” and save.
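
A pre-flight check for step 2, added here as an example and not part of Event Espresso's or Stripe's code: it takes a checkout page's URL and HTML and lists what would make browsers show security warnings (the page itself on HTTP, or scripts, stylesheets, images, iframes and form targets loaded over HTTP). The function names, `example.com` and the sample markup are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Tags whose URL attribute makes the browser load or submit to another address.
URL_ATTRS = {"script": "src", "img": "src", "iframe": "src", "link": "href", "form": "action"}


class ResourceCollector(HTMLParser):
    """Collect (tag, absolute URL) for subresources and form targets."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.found = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower():
            return  # canonical/alternate links are not fetched as page content
        value = attrs.get(URL_ATTRS.get(tag, ""))
        if value:
            # Resolve relative and protocol-relative URLs against the page URL.
            self.found.append((tag, urljoin(self.page_url, value)))


def https_problems(page_url, html):
    """Return the issues that would cause browser security warnings on this page."""
    problems = []
    if urlparse(page_url).scheme != "https":
        problems.append(f"page is not served over HTTPS: {page_url}")
    collector = ResourceCollector(page_url)
    collector.feed(html)
    for tag, url in collector.found:
        if urlparse(url).scheme == "http":
            problems.append(f"insecure <{tag}> target: {url}")
    return problems


# Constructed sample checkout page; example.com and the paths are placeholders.
SAMPLE_HTML = """
<head><script src="https://js.stripe.com/v3/"></script>
<link rel="stylesheet" href="http://example.com/wp-content/themes/demo/style.css"></head>
<body><img src="/wp-content/uploads/logo.png">
<form action="http://example.com/checkout/" method="post"></form></body>
"""

if __name__ == "__main__":
    for problem in https_problems("https://example.com/checkout/", SAMPLE_HTML):
        print(problem)
```

An empty result for the saved HTML of your registration checkout page means the page and everything it loads are on HTTPS.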

If you don’t want to accept payments from European customers, or you’re unable to switch your site to HTTPS right away, you can continue to use the Stripe payment method’s “legacy Stripe Checkout” for now. Just realize it may be discontinued (a.k.a. deprecated) in the near future. 

What About Other Gateways?

Do you have European customers but use another payment method?

Off-site payment methods, like PayPal Express and PayPal Smart Buttons, added compliance for SCA from their end, so no update was needed. Other on-site payment methods, like PayPal Pro and Authorize.net AIM, will need updating. Your support license contributions are supporting our developers as they work on those as we speak. Please stay tuned!

Thank you for using Event Espresso and trusting us with your events.

Questions?

Please comment if you have questions or suggestions.

Note: this post does include an affiliate link to our customers’ favorite hosting company and a few internal links too.

3 thoughts on “Event Espresso Stripe Add-On Adds PSD2 Compliance”

    • Oh- good question @drkings1!

      It should be released any day now- the feature is all done development and internal testing. We just need to pull the trigger and release it.

      (When I originally wrote the post, I thought we’d publish the post after releasing the new version of our Stripe Add-on, which is why I totally neglected to mention its release date.)
