As of September 2019, PSD2 (the European Payment Services Directive) requires entities that do business in the European Economic Area (“EEA”) to use Strong Customer Authentication (“SCA”) when accepting card payments from card issuers and banks in the EEA.
But what is Strong Customer Authentication and what does it mean for the way you run your business? Here’s a brief overview with some links to additional resources.
What is Strong Customer Authentication (SCA)?
Strong Customer Authentication is a regulation that adds new requirements to how a European business verifies its European customers before accepting their purchase. The SCA requirement is designed to strengthen the security of online payments made via card or bank account. Usually, this authentication is carried out by requesting two pieces of information:
- Information that only the cardholder knows (such as a PIN), and
- Information that only the cardholder has access to (such as an SMS verification code).
Practically speaking, this means that businesses required to implement SCA will likely need to add an additional step to their checkout process if they have not previously adopted permissible dual-authentication. Currently, SCA is only required when both the business’ and the customer’s bank are located in the European Economic Area (EEA). In other words, if your business is based in the U.S. or another non-EEA area, and your bank is not located in the EEA, then you probably don’t have to worry about this regulation, even if you’re serving customers in the EEA. Nonetheless, it’s always a good idea to consult your legal counsel if you’re unsure.
What Do SCA Regulations Mean for ClickFunnels Users?
For ClickFunnels users whose businesses aren’t based in EEA areas, there’s nothing to change as of yet.
For our users whose businesses are going to be impacted by the new SCA regulation, we’ve made it very easy to implement SCA using Stripe — you can see our step-by-step doc to setting up compliant checkout processes over here and you might also look at Stripe’s breakdown over here of what they’ve done to comply with these new regulations.
Hopefully, that gives you a better idea of what SCA is and how it impacts your business. Let us know if you have any questions in the comments!