Strong customer authentication (SCA) is a requirement of the EU Revised Directive on Payment Services on payment service providers within the European Economic Area. This requirement ensures that electronic payments are performed with multi-factor authentication to increase the security of electronic payments.
SCA is triggered by your customer's bank and will require that your customer authorize their payment. Authentication can be required at the time of initial checkout as well as for a recurring order.
If your customer's initial payment triggers SCA they will be required to authorize the payment in the checkout before the order will process successfully. For recurring orders, Shopify will send out an email to your customer with a link to authorize their payment.
If your customer does not receive their authorization email, they can login to their Customer Portal to generate a new link. This requires your customer to have a customer account on your store as well as access to the Customer Portal.
You can also enable the Payment Requires Strong Customer Authentication email notification within Bold Subscriptions so that your customer will receive email reminders up until the time they authorize their payment.
Pro-Tip
- For more information on how to set up the Customer Portal, please visit Set up and Manage the Customer Portal in Subscriptions for Shopify Checkout.
- For more information on how to set up the Payment Requires Strong Customer Authentication email notification, please visit Edit Settings in Subscriptions for Shopify Checkout.
Limitations
Orders that require authentication cannot be edited by your customer or an admin.
Shopify will send out an email to your customer with a link to authorize their payment. Your customers will also be able to authenticate the payment from within their Customer Portal.
Example
Customer facing email sent by Shopify:
View in the Customer Portal:
Pro-Tip
If your customer tries to authenticate their payment but the link says it has expired, they can generate a new link in their Customer Portal as shown above. This will trigger a new email to be sent to the customer.
If the SCA authentication is still pending, you will see a message appear on your customer's subscription in the Bold Subscriptions admin.
Example
When Bold Subscriptions is integrated with Bold Cashier, you will need to have a supported payment gateway attached to Cashier in order to enable SCA. Currently, Stripe is the only payment gateway that supports SCA alongside Bold Subscriptions.
Authentication may be required on initial payment as well as recurring orders. If authentication is required on initial checkout, your customers will see the option in the checkout. For recurring orders, your customers can log into the Customer Portal to authorize their payment, or use the link sent to them by email.
Bold Subscriptions will send out an email notification to your customers when authentication is pending for recurring orders. For more information on how to set up the Payment Requires Strong Customer Authentication email notification, please visit Edit Settings in Bold Subscriptions for Shopify Checkout.
Example
Email Notification in Bold Subscriptions
Customers can also log in to the Customer Portal to authenticate their order. Orders pending authentication cannot be edited by your customer or an admin.
Example
View in the Customer Portal
Setup
Step 1: Enable 3D Secure in your Stripe settings
- In Bold Cashier go to Payment options > Payment gateways to ensure you have Stripe as your payment gateway.
- Select the ellipsis next to Stripe then Edit credentials.
- Select the checkbox next to Use 3D Secure card payments.
- Select Save.
Step 2: Enable Email Notifications in Bold Subscriptions
- From within Bold Subscriptions, navigate to Settings > Email notifications.
- Move the toggle to the on position (green) for the Payment requires Strong Customer Authentication.
- Select the ellipsis then Edit email template.
- Optional: Edit the email template.
- Enter the number of days you'd like for the Notification period.
Note: This will determine when and how often your customers will recieve their email notification from the day their order was set to generate. Entering a notification period of 1 Day will mean the email reminder is sent every day until their payment is authorized. Using a setting of 2 Days will mean it will be sent every other day until their payment is authorized.
- Select Save.