As part of a new EU directive known as PSD2 (Payment Services Directive Two), donation gateways in Europe are now required to increase the security of payments that they receive from supporters and reduce fraud, via a process called SCA (Strong Customer Authentication).
The deadline set by the European Commission for EU compliance is Dec. 31, 2020, while the UK has an extended implementation period whereby banks will not be required to fully comply with SCA until Sept. 14, 2021.
What is SCA?
You have probably already seen an online payments process in which you are redirected to a message from your bank, prompting you to enter a password. This process is known as “3D Secure,” and may already be implemented on your gateway(s).
Under the SCA rules, the user is not redirected to a screen (except for the RSM payment gateway). Instead, if the bank decides that it requires more credentials, a pop-up message is displayed asking the end user to type in a password or a code received via text message. This authentication method is referred to as “3D Secure 2.”
Who is impacted by SCA requirements?
Those accepting online payments where both the acquiring (i.e. organization’s) bank and the issuing (i.e. supporter’s) bank are located in the EU or UK are subject to SCA compliance. Because the impact of enforcement policies is unknown, we recommend preparing as early as possible to ensure criteria are met and donations can be accepted smoothly.
SCA Compliant Gateways with 3DS2
The following gateways are SCA compliant, supported with 3D Secure 2 on Engaging Networks:
PayPal Pro ✓
Please contact Support with any questions in ensuring your gateway implementation is set up to support 3DS2.
SCA Compliant Gateways with 3DS
RSM2000 is handling security updates for clients directly and is covered under 3DS (not yet 3DS2). There are no changes you will need to make to your gateway settings in Engaging Networks.
3DS is supported and covers compliance in our current setup with Worldpay. There are no changes you will need to make to your gateway settings in Engaging Networks.
Pay via PayPal
You do not need to use PSD2 with Pay via PayPal, which redirects to the PayPal log-on screen, so no changes are needed.
Gateways NOT Yet SCA Compliant
ACI, iATS, Moneris, Vantiv (VAP)
These gateways either have not offered technical solutions to enable 3DS or are primarily used outside of the SCA-impacted regions. You may continue using these gateways on Engaging Networks, but please note that those fundraising in the EU or UK will need to use one of the compliant gateways listed above to accept donations from supporters in impacted regions until further updates are made.
If fundraising with supporters in the EU or UK, please ensure your organization verifies your gateways are SCA compliant in advance of compliance deadlines, to provide additional security for your online donations, and to help deter or thwart fraud attacks.
We strongly advise that you set up a “test version” of your donation pages, with test gateway credentials assigned to these pages. Only after thorough testing should you make these pages “live” with the payment gateway enabled.
If you have any questions, please don’t hesitate to contact Support.