Strong customer authentication (SCA) is a requirement of the EU Revised Directive on Payment Services on payment service providers within the European Economic Area. This requirement ensures that electronic payments are performed with multi-factor authentication to increase the security of electronic payments.
SCA is triggered by your customer's bank and will require that your customer authorize their payment. Authentication can be required at the time of initial checkout as well as for a recurring order.
If your customer's initial payment triggers SCA they will be required to authorize the payment in the checkout before the order will process successfully. For recurring orders, Shopify will send out an email to your customer with a link to authorize their payment.
If your customer does not receive their authorization email, they can login to their Customer Portal to generate a new link. This requires your customer to have a customer account on your store as well as access to the Customer Portal.
You can also enable the Payment Requires Strong Customer Authentication email notification within Subscriptions V2 so that your customer will receive email reminders up until the time they authorize their payment.
Orders that require authentication cannot be edited by your customer or an admin.
Shopify will send out an email to your customer with a link to authorize their payment. Your customers will also be able to authenticate the payment from within their Customer Portal.
Customer facing email sent by Shopify:
View in the Customer Portal:
If your customer tries to authenticate their payment but the link says it has expired, they can generate a new link in their Customer Portal as shown above. This will trigger a new email to be sent to the customer.
If the SCA authentication is still pending, you will see a message appear on your customer's subscription in the Subscriptions V2 admin.
When Subscriptions V2 is integrated with Bold Cashier, you will need to have a supported payment gateway attached to Cashier in order to enable SCA. Currently, Stripe is the only payment gateway that supports SCA alongside Subscriptions V2.
Authentication may be required on initial payment as well as recurring orders. If authentication is required on initial checkout, your customers will see the option in the checkout. For recurring orders, your customers can log into the Customer Portal to authorize their payment, or use the link sent to them by email.
Subscriptions V2 will send out an email notification to your customers when authentication is pending for recurring orders. For more information on how to set up the Payment Requires Strong Customer Authentication email notification, please visit Edit Settings in Bold Subscriptions V2.
Email Notification in Subscriptions V2
Customers can also log in to the Customer Portal to authenticate their order. Orders pending authentication cannot be edited by your customer or an admin.
View in the Customer Portal
Step 1: Enable 3D Secure in your Stripe settings
- In Bold Checkout go to Payment options > Payment gateways to ensure you have Stripe as your payment gateway.
- Select the ellipsis next to Stripe then Edit credentials.
- Select the checkbox next to Use 3D Secure card payments.
- Select Save.
Step 2: Enable Email Notifications in Subscriptions V2
- From within Subscriptions V2, navigate to Settings > Email notifications.
- Move the toggle to the on position (green) for the Payment requires Strong Customer Authentication.
- Select the ellipsis then Edit email template.
- Edit the email template. (Optional)
- Enter the number of days you'd like for the Notification period.
Note: This will determine when and how often your customers will recieve their email notification from the day their order was set to generate. Entering a notification period of 1 Day will mean the email reminder is sent every day until their payment is authorized. Using a setting of 2 Days will mean it will be sent every other day until their payment is authorized.
- Select Save.