Strong customer authentication (SCA) is a requirement of the EU Revised Directive on Payment Services on payment service providers within the European Economic Area. This requirement ensures that electronic payments are performed with multi-factor authentication to increase the security of electronic payments.
SCA is triggered by your customer's bank and requires that your customer authorize their payment. Authentication can be required at the time of initial checkout as well as for a recurring order.
Requirements
If your customer's initial payment triggers SCA they are required to authorize the payment in the checkout before the order will process successfully. For recurring orders, Shopify will send out an email to your customer with a link to authorize their payment.
If your customer does not receive their authorization email, they can login to their customer portal to generate a new link. This requires your customer to have a customer account on your store as well as access to the custom portal.
You can also enable the Payment Requires Strong Customer Authentication email notification within Bold Subscriptions so that your customer receives email reminders up until the time they authorize their payment.
For more information on how to set up the customer portal, please visit Set up and Manage the Customer Portal. For more information on how to set up the Payment Requires Strong Customer Authentication email notification, please visit Email Notifications.
Limitations
Orders that require authentication cannot be edited by your customer or an admin.
Customer perspective
If SCA is triggered, Shopify sends an email to your customer with a link to authorize their payment. Your customers are also able to authenticate the payment from within the customer portal.
If your customer tries to authenticate their payment but the link says it has expired, they can generate a new link in their customer portal. This triggers a new email to be sent to the customer.
Example
Merchant perspective
If SCA authentication is still pending, a message is present on the customer's subscription in the Bold Subscriptions admin.
Example
SCA for Bold Subscriptions & Bold Cashier
When Bold Subscriptions is integrated with Bold Cashier, you will need to have a supported payment gateway attached to Cashier in order to enable SCA. Currently, Stripe is the only payment gateway that supports SCA alongside Bold Subscriptions.
Authentication may be required on initial payment as well as recurring orders. If authentication is required on initial checkout, your customers will see the option in the checkout. For recurring orders, your customers can log into the customer portal to authorize their payment, or use the link sent to them by email.
Bold Subscriptions sends an email notification to your customers when authentication is pending for recurring orders. For more information on how to set up the Payment Requires Strong Customer Authentication email notification, please visit Edit Settings in Bold Subscriptions for Shopify Checkout.
Example
Email notification in Bold Subscriptions
Customers can also log in to the customer portal to authenticate their order. Orders pending authentication cannot be edited by your customer or an admin.
Example
View in the customer portal
Setup SCA in Bold Cashier
Step 1: Enable 3D Secure in your Stripe settings
- In Bold Cashier go to Payment options > Payment gateways to ensure you have Stripe as your payment gateway.
- Select the ellipsis next to Stripe then Edit credentials.
- Select the checkbox next to Use 3D Secure card payments.
- Select Save.
Step 2: Enable email notifications in Bold Subscriptions
- From within Bold Subscriptions, navigate to Settings > Email notifications.
- Move the toggle to the on position (green) for the Payment requires Strong Customer Authentication.
- Select the ellipsis then Edit email template.
- Optional: Edit the email template.
- Enter the number of days you'd like for the Notification period.
Note: This will determine when and how often your customers will recieve their email notification from the day their order was set to generate. Entering a notification period of 1 Day will mean the email reminder is sent every day until their payment is authorized. Using a setting of 2 Days will mean it will be sent every other day until their payment is authorized.
- Select Save.