Is your Payment Method Ready to Comply with the EU’s SCA/PSD2 Regulations? And what to do if it isn’t.

The Second Payment Services Directive (PSD2) and Strong Customer Authentication (SCA) come into enforcement across Europe September 14, 2019. Although we’ve written about it before, we thought we should answer some questions about how this impacts  payments on your Event Espresso-powered website.

PSD2 is a set of new European regulations regarding payments, one of which is SCA. If your website does not meet the requirements of SCA, your European customer’s banks may refuse payment. The new requirements apply to online transactions where the issuing and acquiring banks are located in the European Economic Area (EEA).  

We’ll explain how to meet the requirements of SCA in order to keep accepting payments even after PSD2 comes into effect.

Realize SCA doesn’t affect small payments, and it actually may not go into full enforcement right away. Banks may not start refusing payments immediately if you don’t meet the SCA requirements.

So what do you need to do to get your Event Espresso site ready? It depends on which of our many payment gateway integrations you’re using. 

The gateways fall into 5 categories:

  •       SCA-ready, and have been for some time 
  •       The latest version is SCA-ready, requires update
  •       Not SCA-ready, suggest easier alternative
  •       Some don’t comply, but don’t work for European payments anyway 
  •       Not compliant with SCA, select a new SCA-ready payment gateway

Find your payment gateway(s) below, whether it’s SCA-ready, and what we recommend you do.

Again, these recommendations apply to online transactions where your customer’s bank (issuing bank) and your bank (acquiring bank) are located inside the European Economic Area (EEA).

SCA Ready: no action required

Payment Gateway Compliance Recommendation for EU Merchants
CyberSource SCA compliant No change required
Mollie SCA compliant No change required
PayPal Express SCA compliant No change required
PayPal Standard (deprecated) SCA compliant No change required

 

The latest version is SCA-ready: requires update

Payment Gateway Compliance Recommendation for EU Merchants
Braintree SCA compliant update available Update to the latest version of Braintree, which automatically adds 3D secure v2
Sage Pay 3D secure available through server integration Update the add-on, deactivate the old “Sage Pay” payment method and activate the SCA-compliant “Sage Pay Server Integration” instead
Stripe The “Stripe Elements” type is SCA-ready.  Please update to Stripe Add-On to version 1.1.6, and change from “Checkout (legacy)” (the old default) to “Stripe Elements”. See the blog post all about this

 

Not SCA-ready: suggest easier alternative

Payment Gateway Compliance Recommendation for EU Merchants
Authorize.net AIM Not SCA compliant Switch to CyberSource
Authorize.net SIM Not SCA compliant Switch to CyberSource
Authorize.net Accept Not SCA compliant Switch to CyberSource
Authorize.net e-Check Not SCA compliant Switch to CyberSource
PayPal Pro No 3D secure integration built, but it’s possible Switch to PayPal Smart Buttons or PayPal Express
PayPal Payflow Pro No 3D secure integration built, but it’s possible Switch to PayPal Smart Buttons or PayPal Express

 

Not compliant with SCA: but does not work for European payments anyway 

Payment Gateway Compliance Recommendation for EU Merchants
iPay 88 Does not accept European payments No change required
MIGS Does not accept European payments No change required

 

Not compliant with SCA: select a new SCA-ready payment gateway

Payment Gateway Compliance Recommendation for EU Merchants
Chase PaymentTech Orbital Not SCA compliant Change to an SCA-ready payment gateway
FIrst Data Payeezy Not SCA compliant Change to an SCA-ready payment gateway
Infusionsoft Not SCA compliant Change to an SCA-ready payment gateway
Mijireh (CloudSwipe) Not SCA compliant Change to an SCA-ready payment gateway
Intuit Quickbooks Not SCA compliant Change to an SCA-ready payment gateway
TSYS TransFirst No 3D secure Change to an SCA-ready payment gateway

 

Don’t see your payment gateway in the list? If it’s for Event Espresso 3, please create a support topic in our support forums for feedback. If it’s a payment gateway integration made by a 3rd party developer, please contact the developer.

The above recommendations are current as of September 13th, 2019. For the most up-to-date information, check out the product page for the respective payment gateway integration add-on from our website.

Why Isn’t My Payment Gateway SCA-Ready?

We’ve been working hard to make as many of our payment gateway integration add-ons SCA-ready as possible, but not all of them are. 

Some of the payment gateways (like all the Authorize.net options) simply will never be SCA-ready because the payment gateways themselves are not SCA-ready (their representatives have contacted us and specifically told us that, and that they are migrating their users over to CyberSource). Others have needed to be prioritized by the number of users, and whether good, easy substitutions exist. 

And lastly, perhaps now is a good time to switch to a better payment gateway. Don’t get us wrong, we love all our payment gateway integration add-ons. But some require you, the website owners, to do more work to be PCI-compliant (especially the onsite payment gateways, where the user submits their credit card information directly to your server). That’s why we generally encourage you towards offsite gateways (or ones that accept credit card data in a pop-up window, or in an iFrame) because it protects you and your customers.

So if you need to make changes to become SCA-ready, please take this as an opportunity to move to a payment gateway that better protects you and your customer’s data. We recommend Stripe as a great option with strong compliance features built into it.

Which Payment Gateways are Best Suited for SCA?

Here are our top picks if you need to switch payment gateways:

Stripe

Our updated Stripe payment gateway using Elements integration is a good choice. They’ve been great at helping their users prepare for PSD2 and SCA. Stripe Elements allows customers to pay on your website, but your server never handles any of the credit card details. You can customize when you want 3D secure authorization to occur, and when it does, it all happens in a modal dialogue instead of a pop-up window, so ad-blockers won’t flag it as suspicious.

Braintree

Braintree’s features are very similar to Stripe’s: it keeps customers on your website, but donesn’thandle any credit card details, and 3D secure happens in a modal dialogue. As an extra bonus, it also allows customers to pay with PayPal in a pop-up window.

Sage Pay

For event managers in the United Kingdom, Sage Pay is an economical choice. Instead of charging a percent of your sales, they charge a flat monthly rate. Our Sage Pay add-on now also supports “Server Integration” payment method, which sends the user offsite for payment, and takes care of doing 3D secure authorization only when necessary.

And there are other good options. Look at the table above for the ones highlighted green or blue.

Get Ready! (If you aren’t already)

We hope this clarifies what to do in order to become SCA-ready.

In case you need to switch payment methods in order to become SCA-ready, here’s some good news: use this special link to get an15% discount on your purchase of your next gateway, usable for a limited time.

If you have any questions, please comment or reach out on our support forums. We’re here to help.

Share a Reply or Comment

Your email address will not be published. Required fields are marked *

Need help with Event Espresso? Create a support post in our support forums

Do NOT follow this link or you will be banned from the site!
[for="input_96_5_3"]
[for="input_96_5_3"]
[gravityform id=96 title=false description=false]
  • This field is for validation purposes and should be left unchanged.
[i]
[i]
[gravityform id=69 title=false description=false]
  • This field is for validation purposes and should be left unchanged.