Strong Customer Authentication - SCA

[michael]

Hello,

There is a news from Stripe:

Strong Customer Authentication is a new European regulation coming into effect on September 14, 2019, which will require additional authentication for many online payments.

You can learn more about SCA and the latest regulatory requirements in our guide, or in our upcoming webinar on March 27, 2019.

Read our guide to learn more about what to expect from SCA

March 19, 2019

source:

https://stripe.com/blog/strong-customer-authentication-mar-2019

 

https://stripe.com/guides/strong-customer-authentication

 

similar thing is regards Paypal and other payment gateways:

https://www.paypal.com/uk/webapps/mpp/psd2

 

 

 

added:

Currently, the most common way of authenticating an online card payment relies on 3D Secure—an authentication standard supported by the vast majority of European cards. Applying 3D Secure typically adds an extra step after the checkout where the cardholder is prompted by their bank to provide additional information to complete a payment (e.g., a one-time code sent to their phone or fingerprint authentication through their mobile banking app).

3D Secure 2—the new version of the authentication protocol rolling out in 2019—will be the main method for authenticating online card payments and meeting the new SCA requirements. This new version introduces a better user experience that will help minimise some of the friction that authentication adds into the checkout flow.

Other card-based payment methods such as Apple Pay or Google Pay already support payment flows with a built-in layer of authentication (biometric or password). These can be a great way for businesses to offer a frictionless checkout experience while meeting the new requirements.

 

https://stripe.com/guides/strong-customer-authentication?utm_campaign=scamar2019&utm_source=blog&utm_medium=stub

 

I don't see the modul support 3d secure 2.

https://stripe.com/guides/3d-secure-2

Will you add support for 3d secure 2?

 

Some more info:

VISA and MasterCard will be mandating that the new version of 3D Secure (version 2.0) should be in place for issuers and merchants by April 2019 in preparation for the mass adoption in September 2019.

https://www.barclaycard.co.uk/business/news-and-insights/guide-to-strong-customer-authentication

 

Edited March 23, 2019 by michael

[Traumflug]

 

1 hour ago, michael said:

Will you add support for 3d secure 2?

Thanks for the heads up.

The obvious answer is Yes.

[michael]

On 14 September 2019, a new European regulation called Strong Customer Authentication (SCA) will introduce two-factor authentication requirements for many online payments in Europe. We expect this regulation to be enforced in the UK regardless of the outcome of Brexit. Payments that aren’t authenticated will be declined by your customers’ banks.

We’ve released a new payments API and SCA-ready products to help you prepare for this change. To get ready for these new rules and avoid having payments declined, you’ll need to make changes to your payment flows and Stripe integration by 14 September 2019. Read our docs to learn more about SCA and the required changes.

email from stripe

[spidawebs]

So the thirtybees stripe module will be updated before this date and will work with the new changes?

[lesley]

Yes, it will. 

[michael]

May you add also https://stripe.com/docs/recipes/sending-emails-for-failed-payments  ??

[lesley]

Just to update this thread, we have hired one of the best community members to implement this into the stripe module and also fix a few bugs that are in the stripe repo as well. So it is being worked on now. 

[michael]

Great!! Is it module available now?

What about other payment modules and new regulations?

Strong Customer Authentication (SCA)  it is  new European regulation. Starting 14 September.

 

[lesley]

It is not, it is being worked on now. What other payment types would need to support the SCA? 

[michael]

I think all payments which are or will be made in Europe.

It may be enforcement like GDPR regulation to other countries who have EU customers.

 

Some info regards Paypal:

https://www.paypal.com/uk/webapps/mpp/psd2

[danwarrior]

That's it: every payment made between europeans, will need to pass SCA. Stripe, PayPal, Authorize or any other connected to card payment. All banks will have to adapt.

[datakick]

New version (release candidate):  SCA support

Here's a pre-release candidate of stripe module that implements support for SCA - new European regulation coming into effect on September 14, 2019. If you are collecting payments from EU customers, you will need to upgrade stripe module, otherwise you will see a huge increase in card declines.

The changes to the module are substantial -- 3 core checkout flows had to be rewritten from scratch using new Payment Intent API. Therefore, before I release this version officially, I would like to ask you all to test it thoroughly.

If you find any bug or problem, please report to this thread. 

Download: stripe-v1.7.0.zip

 

[danwarrior]

7 hours ago, datakick said:

New version (release candidate):  SCA support

Here's a pre-release candidate of stripe module that implements support for SCA - new European regulation coming into effect on September 14, 2019. If you are collecting payments from EU customers, you will need to upgrade stripe module, otherwise you will see a huge increase in card declines.

The changes to the module are substantial -- 3 core checkout flows had to be rewritten from scratch using new Payment Intent API. Therefore, before I release this version officially, I would like to ask you all to test it thoroughly.

If you find any bug or problem, please report to this thread. 

Download: stripe-v1.7.0.zip

 

Can we upload and re-writing files or you recommend installing it from scratch?

[datakick]

52 minutes ago, danwarrior said:

Can we upload and re-writing files or you recommend installing it from scratch?

Both methods must work. If you could test both module upgrade, and fresh installation, that would be great.

[datakick]

Did anyone had a chance to test the release preview version?

[Signut]

Confirming installation of 1.7.0 over 1.6.6. 

We do not use European Payment methods or Alipay etc.

Smooth installation. All stages of initial transactions have completed satisfactorily..

Thank you for this upgrade.

[danwarrior]

23 hours ago, datakick said:

Did anyone had a chance to test the release preview version?

I'm going to try it in the next days, I'll tell you 🙂

[datakick]

Nobody reported any issues or problems, so I'm going to officially release the new version 

[haylau]

Installed. We only had the STRIPE CREDIT CARD FORM enabled. When customers make payment it is not processed. Our website just says "submitting" continually. But I can see the log (not payment) in Stripe. I have switched that off and enabled Stripe checkout and that seems to be fine

 

{
  "payment_method_types": [
    "card"
  ],
  "amount": "67",
  "currency": "gbp"
}
Response body
{
  "id": "pi_1EvMDdIPi9KHxLDypCzeLcDL",
  "object": "payment_intent",
  "amount": 67,
  "amount_capturable": 0,
  "amount_received": 0,
  "application": null,
  "application_fee_amount": null,
  "canceled_at": null,
  "cancellation_reason": null,
  "capture_method": "automatic",
  "charges": {
    "object": "list",
    "data": [
    ],
    "has_more": false,
    "total_count": 0,
    "url": "/v1/charges?payment_intent=pi_1EvMDdIPi9KHxLDypCzeLcDL"
  },
  "client_secret": "pi_1EvMDdIPi9KHxLDypCzeLcDL_secret_M2YQlC21Rgs3rRZEmpedj8wph",
  "confirmation_method": "automatic",
  "created": 1562928193,
  "currency": "gbp",
  "customer": null,
  "description": null,
  "invoice": null,
  "last_payment_error": null,
  "livemode": true,
  "metadata": {
  },
  "next_action": null,
  "on_behalf_of": null,
  "payment_method": null,
  "payment_method_types": [
    "card"
  ],
  "receipt_email": null,
  "review": null,
  "setup_future_usage": null,
  "shipping": null,
  "source": null,
  "statement_descriptor": null,
  "status": "requires_payment_method",
  "transfer_data": null,
  "transfer_group": null
}

 

[haylau]

Actually the stripe checkout does not work either as it bypassess all of the log in systems. 

[datakick]

29 minutes ago, haylau said:

Actually the stripe checkout does not work either as it bypassess all of the log in systems. 

I don't understand at all what you are trying to say. Please elaborate

[haylau]

With stripe checkout enabled,  customer can click the button in the cart without filling in any details such as name , address, choosing carrier etc

 

Also now getting this

 

VM680:37 custompayments <p class="payment_module">…</p>
VM680:37 stripe <p class="payment_module" id="stripe_payment_button">…</p>
v_55_e5d76424a76f0ac34aaa82e1467f2b8d.js:4 [Deprecation] Synchronous XMLHttpRequest on the main thread is deprecated because of its detrimental effects to the end user's experience. For more help, check https://xhr.spec.whatwg.org/.
send @ v_55_e5d76424a76f0ac34aaa82e1467f2b8d.js:4
quick-order:1 Uncaught SyntaxError: Invalid or unexpected token
    at v_55_e5d76424a76f0ac34aaa82e1467f2b8d.js:3448
    at window.checkOffer (v_55_e5d76424a76f0ac34aaa82e1467f2b8d.js:3439)
    at callback_placeorder (v_55_e5d76424a76f0ac34aaa82e1467f2b8d.js:3447)
    at callback_load_address (v_55_e5d76424a76f0ac34aaa82e1467f2b8d.js:3465)
    at Object.complete (v_55_e5d76424a76f0ac34aaa82e1467f2b8d.js:3466)
    at Object.complete (v_55_e5d76424a76f0ac34aaa82e1467f2b8d.js:2812)
    at j (v_55_e5d76424a76f0ac34aaa82e1467f2b8d.js:2)
    at Object.fireWith (v_55_e5d76424a76f0ac34aaa82e1467f2b8d.js:2)
    at x (v_55_e5d76424a76f0ac34aaa82e1467f2b8d.js:4)
    at XMLHttpRequest.b (v_55_e5d76424a76f0ac34aaa82e1467f2b8d.js:4)

 

 

i want to cry

[datakick]

I don't think this is an issue with this module. I bet you are using some third party one-page checkout module, aren't you?

[datakick]

I've just retested the functionality on standard tb checkout flows (standard 5-step, standard one page checkout, advanced eu one page checkout)  and it works fine. You can test it on my demo account as well

[haylau]

Yes we are use a third party OPC module (PRESTEAMSHOP)- and the Panda theme. I have rolled bacl by deleting module and re-installed the earlier version and that seems to be working (touch wood)