Select your platform

Strong Customer Authentication (SCA) for Bold Subscriptions V1

  • Updated

As of September 14th, 2019, new authentication requirements are being introduced for European online payments as part of the second Payments Services Directive (PSD2).

Payments where both the business and the customer's bank are located in the European Economic Area (EEA) need to meet the new Strong Customer Authentication (SCA) requirements.

The deadline being imposed by the European Economic Area / UK is March 14th, 2022.

For more general information, please visit Stripe's article on Strong Customer Authentication.



Strong Customer Authentication must be used for transactions that involve money that's moving between bank accounts located within the European Economic Area.

Strong Customer Authentication regulations apply to your business if the following criteria is met:

  1. Your business uses a bank account in the European Economic Area.

    Note: This includes all countries within the European Union plus Norway, Iceland and Liechtenstein.

  2. You sell to customers with bank accounts located in the European Economic Area.
  3. You accept payments from credit or debit cards.
  4. You are using Stripe as your payment gateway.

    Note: If you are using a payment gateway that Bold does not support, it's advised that you confirm this payment gateway will support you. We otherwise recommend considering migrating to an officially supported payment gateway.



Merchants affected by SCA regulations will experience the following:

  • Transactions that customers neglect to authorize will fail and be retried.
  • Some transactions may experience longer processing times as customers will need to manually authorize their payments by completing the authorization challenge.

    Note: Transactions that have been authorized will continue to process as expected.



Merchants that meet all of the eligibility criteria will now need to complete the following:

  1. Contact your payment gateway to ensure that your SCA / 3DS2 is properly configured.
  2. Enable MSP 2.0 within the Bold Subscriptions app admin.



Enabling MSP 2.0

  1. From the Shopify admin, select Apps.
  2. Select Bold Subscriptions.
  3. Select Settings, then Manage Subscriptions Page.

    Select Settings then MSP

  4. Select Enable Page Customization & Preview and Launch New Manage Subscriptions Page.

    Select both radio buttons

  5. Select Save Changes.




Below is an example of what your customers may see when authenticating their transaction with SCA.

The display of this will change based on the customer's financial institution and credit card.

Example SCA




  • Austria = AT

  • Belgium = BE

  • Bulgaria = BG

  • Croatia = HR

  • Cyprus = CY

  • Czech Republic = CZ

  • Denmark = DK

  • Estonia = EE

  • Finland = FI

  • France = FR

  • Germany = DE

  • Greece = GR

  • Hungary = HU

  • Iceland = IS

  • Ireland = IE

  • Italy = IT

  • Latvia = LV

  • Liechtenstein = LI

  • Lithuania = LT

  • Luxembourg = LU

  • Malta = MT

  • Netherlands = NL

  • Norway = NO

  • Poland = PL

  • Portugal = PT

  • Romania = RO

  • Slovakia = SK

  • Slovenia = SI

  • Spain = ES

  • Sweden = SE

  • Switzerland = CH *

  • United Kingdom = GB **

* Though the UK may not be a part of the EEA in the future, they intend to implement or follow SCA regulation.

** Although Switzerland is outside of the European Economic Area (EEA), Swiss merchants will need to meet SCA requirements because Stripe’s acquiring bank for Swiss merchants is located in the UK.




If you are a European business who is located within the European Economic Area (EEA) and charges customers cards that were issued within the EEA, you are required to comply with SCA.

Please visit Businesses affected by Strong Customer Authentication (SCA) regulations for more information.




Please visit Businesses affected by Strong Customer Authentication (SCA) regulations for more information.



US and Other Countries

Businesses located outside of the European Economic Area (EEA) are considered outside of the scope and should experience minimal impact of SCA.

Transactions processed by businesses outside of the EEA are considered a one-leg transaction and are therefore not subject to SCA rules.

Please visit Businesses affected by Strong Customer Authentication (SCA) regulations for more information.