EventEspresso.com just got a fresh makeover; enjoy the new brew. ☕️
Posted by Michael Nelson
The Second Payment Services Directive (PSD2) and Strong Customer Authentication (SCA) come into enforcement across Europe September 14, 2019. Although we’ve written about it before, we thought we should answer some questions about how this impacts payments on your Event Espresso-powered website.
PSD2 is a set of new European regulations regarding payments, one of which is SCA. If your website does not meet the requirements of SCA, your European customer’s banks may refuse payment. The new requirements apply to online transactions where the issuing and acquiring banks are located in the European Economic Area (EEA).
We’ll explain how to meet the requirements of SCA in order to keep accepting payments even after PSD2 comes into effect.
Realize SCA doesn’t affect small payments, and it actually may not go into full enforcement right away. Banks may not start refusing payments immediately if you don’t meet the SCA requirements.
So what do you need to do to get your Event Espresso site ready? It depends on which of our many payment gateway integrations you’re using.
We’ve been working hard to make as many of our payment gateway integration add-ons SCA-ready as possible, but not all of them are.
Some of the payment gateways (like all the Authorize.net options) simply will never be SCA-ready because the payment gateways themselves are not SCA-ready (their representatives have contacted us and specifically told us that, and that they are migrating their users over to CyberSource). Others have needed to be prioritized by the number of users, and whether good, easy substitutions exist.
And lastly, perhaps now is a good time to switch to a better payment gateway. Don’t get us wrong, we love all our payment gateway integration add-ons. But some require you, the website owners, to do more work to be PCI-compliant (especially the onsite payment gateways, where the user submits their credit card information directly to your server). That’s why we generally encourage you towards offsite gateways (or ones that accept credit card data in a pop-up window, or in an iFrame) because it protects you and your customers.
So if you need to make changes to become SCA-ready, please take this as an opportunity to move to a payment gateway that better protects you and your customer’s data. We recommend Stripe as a great option with strong compliance features built into it.
Here are our top picks if you need to switch payment gateways:
Our updated Stripe payment gateway using Elements integration is a good choice. They’ve been great at helping their users prepare for PSD2 and SCA. Stripe Elements allows customers to pay on your website, but your server never handles any of the credit card details. You can customize when you want 3D secure authorization to occur, and when it does, it all happens in a modal dialogue instead of a pop-up window, so ad-blockers won’t flag it as suspicious.
Braintree’s features are very similar to Stripe’s: it keeps customers on your website, but donesn’thandle any credit card details, and 3D secure happens in a modal dialogue. As an extra bonus, it also allows customers to pay with PayPal in a pop-up window.
For event managers in the United Kingdom, Sage Pay is an economical choice. Instead of charging a percent of your sales, they charge a flat monthly rate. Our Sage Pay add-on now also supports “Server Integration” payment method, which sends the user offsite for payment, and takes care of doing 3D secure authorization only when necessary.
And there are other good options. Look at the table above for the ones highlighted green or blue.
We hope this clarifies what to do in order to become SCA-ready.
In case you need to switch payment methods in order to become SCA-ready, here’s some good news: use this special link to get an15% discount on your purchase of your next gateway, usable for a limited time.
If you have any questions, please comment or reach out on our support forums. We’re here to help.