On September 14th, 2019, new authentication requirements were introduced for European online payments as part of the second Payments Services Directive (PSD2).
Payments where both the business and the customer's bank are located in the European Economic Area (EEA) must meet the new Strong Customer Authentication (SCA) requirements.
The deadline imposed by the European Economic Area / UK was March 14th, 2022.
For general information, please visit Stripe's article on Strong Customer Authentication.
Eligibility
SCA must be used for transactions that involve money that's moving between bank accounts located within the European Economic Area.
SCA regulations apply to your business if the following criteria is met:
- Your business uses a bank account in the European Economic Area.
Note: This includes all countries within the European Union plus Norway, Iceland and Liechtenstein.
- You sell to customers with bank accounts located in the European Economic Area.
Customer impact
- Transactions that customers neglect to authorize will fail and be retried.
- Some transactions may experience longer processing times as customers need to manually authorize their payments by completing the authorization challenge.
Note: Transactions that have been authorized will continue to process as expected.
Setup
Merchants that meet all of the eligibility criteria need to contact their payment gateway (Stripe, Braintree, or PayPal Complete Payments) to ensure that their SCA / 3DS2 is properly configured.
If you are not currently using Stripe, Braintre or PayPal Complete Payments as your primary payment gateway in Bold Checkout, please follow the steps in Connect a Payment Processor to Bold Checkout to connect to a supported payment gateway.
FAQs
What countries are affected?
-
Austria = AT
-
Belgium = BE
-
Bulgaria = BG
-
Croatia = HR
-
Cyprus = CY
-
Czech Republic = CZ
-
Denmark = DK
-
Estonia = EE
-
Finland = FI
-
France = FR
-
Germany = DE
-
Greece = GR
-
Hungary = HU
-
Iceland = IS
-
Ireland = IE
-
Italy = IT
-
Latvia = LV
-
Liechtenstein = LI
-
Lithuania = LT
-
Luxembourg = LU
-
Malta = MT
-
Netherlands = NL
-
Norway = NO
-
Poland = PL
-
Portugal = PT
-
Romania = RO
-
Slovakia = SK
-
Slovenia = SI
-
Spain = ES
-
Sweden = SE
-
Switzerland = CH *
-
United Kingdom = GB **
* Though the UK may not be a part of the EEA in the future, they intend to implement or follow SCA regulation.
** Although Switzerland is outside of the European Economic Area (EEA), Swiss merchants need to meet SCA requirements because Stripe’s acquiring bank for Swiss merchants is located in the UK.
What businesses are affected?
Europe
If you are a European business who is located within the European Economic Area (EEA) and charges customers cards that were issued within the EEA, you are required to comply with SCA.
Please visit Businesses affected by Strong Customer Authentication (SCA) regulations for more information.
UK
Please visit Businesses affected by Strong Customer Authentication (SCA) regulations for more information.
US and Other Countries
Businesses located outside of the European Economic Area (EEA) are considered outside of the scope and should experience minimal impact of SCA.
Transactions processed by businesses outside of the EEA are considered a one-leg transaction and are therefore not subject to SCA rules.
Please visit Businesses affected by Strong Customer Authentication (SCA) regulations for more information.