The Second Payment Services Directive (PSD2) and Strong Customer Authentication (SCA) come into enforcement across Europe September 14, 2019. Although we’ve written about it before, we thought we should answer some questions about how this impacts payments on your Event Espresso-powered website.
PSD2 is a set of new European regulations regarding payments, one of which is SCA. If your website does not meet the requirements of SCA, your European customer’s banks may refuse payment. The new requirements apply to online transactions where the issuing and acquiring banks are located in the European Economic Area (EEA).
We’ll explain how to meet the requirements of SCA in order to keep accepting payments even after PSD2 comes into effect.
Realize SCA doesn’t affect small payments, and it actually may not go into full enforcement right away. Banks may not start refusing payments immediately if you don’t meet the SCA requirements.
So what do you need to do to get your Event Espresso site ready? It depends on which of our many payment gateway integrations you’re using.
Article Outline
- The gateways fall into 5 categories:
- Find your payment gateway(s) below, whether it’s SCA-ready, and what we recommend you do.
- SCA Ready: no action required
- The latest version is SCA-ready: requires update
- Not SCA-ready: suggest easier alternative
- Not compliant with SCA: but does not work for European payments anyway
- Not compliant with SCA: select a new SCA-ready payment gateway
- Why Isn’t My Payment Gateway SCA-Ready?
- Which Payment Gateways are Best Suited for SCA?
- Get Ready! (If you aren’t already)
The gateways fall into 5 categories:
- SCA-ready, and have been for some time
- The latest version is SCA-ready, requires update
- Not SCA-ready, suggest easier alternative
- Some don’t comply, but don’t work for European payments anyway
- Not compliant with SCA, select a new SCA-ready payment gateway
Find your payment gateway(s) below, whether it’s SCA-ready, and what we recommend you do.
Again, these recommendations apply to online transactions where your customer’s bank (issuing bank) and your bank (acquiring bank) are located inside the European Economic Area (EEA).
SCA Ready: no action required |
||
| Payment Gateway | Compliance | Recommendation for EU Merchants |
| CyberSource | SCA compliant | No change required |
| Mollie | SCA compliant | No change required |
| PayPal Express | SCA compliant | No change required |
| PayPal Standard (deprecated) | SCA compliant | No change required |
The latest version is SCA-ready: requires update |
||
| Payment Gateway | Compliance | Recommendation for EU Merchants |
| Braintree | SCA compliant update available | Update to the latest version of Braintree, which automatically adds 3D secure v2 |
| Sage Pay | 3D secure available through server integration | Update the add-on, deactivate the old “Sage Pay” payment method and activate the SCA-compliant “Sage Pay Server Integration” instead |
| Stripe | The “Stripe Elements” type is SCA-ready. | Please update to Stripe Add-On to version 1.1.6, and change from “Checkout (legacy)” (the old default) to “Stripe Elements”. See the blog post all about this |
Not SCA-ready: suggest easier alternative |
||
| Payment Gateway | Compliance | Recommendation for EU Merchants |
| Authorize.net AIM | Not SCA compliant | Switch to CyberSource |
| Authorize.net SIM | Not SCA compliant | Switch to CyberSource |
| Authorize.net Accept | Not SCA compliant | Switch to CyberSource |
| Authorize.net e-Check | Not SCA compliant | Switch to CyberSource |
| PayPal Pro | No 3D secure integration built, but it’s possible | Switch to PayPal Smart Buttons or PayPal Express |
| PayPal Payflow Pro | No 3D secure integration built, but it’s possible | Switch to PayPal Smart Buttons or PayPal Express |
Not compliant with SCA: but does not work for European payments anyway |
||
| Payment Gateway | Compliance | Recommendation for EU Merchants |
| iPay 88 | Does not accept European payments | No change required |
| MIGS | Does not accept European payments | No change required |
Not compliant with SCA: select a new SCA-ready payment gateway |
||
| Payment Gateway | Compliance | Recommendation for EU Merchants |
| Chase PaymentTech Orbital | Not SCA compliant | Change to an SCA-ready payment gateway |
| FIrst Data Payeezy | Not SCA compliant | Change to an SCA-ready payment gateway |
| Infusionsoft | Not SCA compliant | Change to an SCA-ready payment gateway |
| Mijireh (CloudSwipe) | Not SCA compliant | Change to an SCA-ready payment gateway |
| Intuit Quickbooks | Not SCA compliant | Change to an SCA-ready payment gateway |
| TSYS TransFirst | No 3D secure | Change to an SCA-ready payment gateway |
Don’t see your payment gateway in the list? If it’s for Event Espresso 3, please create a support topic in our support forums for feedback. If it’s a payment gateway integration made by a 3rd party developer, please contact the developer.
The above recommendations are current as of September 13th, 2019. For the most up-to-date information, check out the product page for the respective payment gateway integration add-on from our website.
Why Isn’t My Payment Gateway SCA-Ready?
We’ve been working hard to make as many of our payment gateway integration add-ons SCA-ready as possible, but not all of them are.
Some of the payment gateways (like all the Authorize.net options) simply will never be SCA-ready because the payment gateways themselves are not SCA-ready (their representatives have contacted us and specifically told us that, and that they are migrating their users over to CyberSource). Others have needed to be prioritized by the number of users, and whether good, easy substitutions exist.
And lastly, perhaps now is a good time to switch to a better payment gateway. Don’t get us wrong, we love all our payment gateway integration add-ons. But some require you, the website owners, to do more work to be PCI-compliant (especially the onsite payment gateways, where the user submits their credit card information directly to your server). That’s why we generally encourage you towards offsite gateways (or ones that accept credit card data in a pop-up window, or in an iFrame) because it protects you and your customers.
So if you need to make changes to become SCA-ready, please take this as an opportunity to move to a payment gateway that better protects you and your customer’s data. We recommend Stripe as a great option with strong compliance features built into it.
Which Payment Gateways are Best Suited for SCA?
Here are our top picks if you need to switch payment gateways:
Stripe
Our updated Stripe payment gateway using Elements integration is a good choice. They’ve been great at helping their users prepare for PSD2 and SCA. Stripe Elements allows customers to pay on your website, but your server never handles any of the credit card details. You can customize when you want 3D secure authorization to occur, and when it does, it all happens in a modal dialogue instead of a pop-up window, so ad-blockers won’t flag it as suspicious.
Braintree
Braintree’s features are very similar to Stripe’s: it keeps customers on your website, but donesn’thandle any credit card details, and 3D secure happens in a modal dialogue. As an extra bonus, it also allows customers to pay with PayPal in a pop-up window.
Sage Pay
For event managers in the United Kingdom, Sage Pay is an economical choice. Instead of charging a percent of your sales, they charge a flat monthly rate. Our Sage Pay add-on now also supports “Server Integration” payment method, which sends the user offsite for payment, and takes care of doing 3D secure authorization only when necessary.
And there are other good options. Look at the table above for the ones highlighted green or blue.
Get Ready! (If you aren’t already)
We hope this clarifies what to do in order to become SCA-ready.
In case you need to switch payment methods in order to become SCA-ready, here’s some good news: use this special link to get an15% discount on your purchase of your next gateway, usable for a limited time.
If you have any questions, please comment or reach out on our support forums. We’re here to help.