As of September 14, 2019, new requirements for authenticating online payments will be introduced in Europe as part of the second Payment Services Directive (PSD2). These requirements are known as Strong Customer Authentication (SCA). This regulation helps reduce fraud and makes online payments more secure.
Stripe card payments impacted by SCA will require an extra layer of authentication by the cardholder in order for the payment to be processed. More specifically, a one-time passcode will be required in order to complete the payment.
How do I know if my business is impacted?
SCA will impact your business if ALL of the following criteria apply:
- Your business is based in the European Economic Area (EEA)
- You serve customers in the EEA
- You accept card payment using the Stripe integration with Work
This will not apply to Work customers using Stripe in the US, Canada, Australia or New Zealand.
How does my customer obtain a one-time passcode?
Whether you're inputting the card information on the Work invoice payment page or you send your customer an invoice for credit card payment from Work, your customer may be prompted to authenticate that payment.
Depending on the requirements set by the customer's bank, they may receive a push notification to confirm the payment or they may receive an SMS message with a one-time passcode that will need to be entered on the payment site.
Do I need to have my customer on the phone when processing credit card payments?
If you are subject to SCA, we suggest that you have your customer on the phone when entering their credit card information. If you receive a prompt for a one-time passcode you will need to have the customer receive that and provide it to you in order to complete the payment.