Payment gateway upgrades: PSD2 and SCA

As part of an EU directive known as PSD2 (Payment Services Directive Two), donation gateways in Europe are now required to increase the security of payments that they receive from supporters and reduce fraud, via a process called SCA (Strong Customer Authentication).

The deadline set by the European Commission for EU compliance was Dec. 31, 2020. The UK has further extended its implementation period, so banks there will not be required to fully comply with SCA until March 14, 2022.

What is SCA?

You have probably already seen an online payments process in which you are redirected to a message from your bank, prompting you to enter a password. This process is known as “3D Secure,” and may already be implemented on your gateway(s). 

Under the SCA rules, the user is not redirected to a screen (except for the RSM payment gateway). Instead, a pop-up message is displayed if the bank decides that they require more credentials, asking the end user to type in a password or a code that the user received via text message. This authentication method is referred to as “3D Secure 2.”

Who is impacted by SCA requirements?

Those accepting online payments where both the acquiring (i.e. organization’s) bank and the issuing (i.e. supporter’s) bank are located in the EU or UK are subject to SCA compliance. Because the impact of enforcement policies is unknown, we recommend preparing as early as possible to ensure criteria are met and donations can be accepted smoothly.

SCA Compliant Gateways with 3DS2

The following gateways are SCA compliant, supported with 3D Secure 2 on Engaging Networks:

Payflow
PayPal Pro*
Paysafe
Stripe

*While PSD2 is integrated with PayPal Pro for those that have already set up with CardinalCommerce, those without this setup cannot currently use PSD2 since PayPal has removed this as an option. We are working on a new integration.

PSD2 is currently supported on the Peer-to-Peer module exclusively through Stripe 3DS2. The information below relates to gateway compliance on all other fundraising modules on Engaging Networks.

Please contact Support with any questions about ensuring your gateway implementation is set up to support 3DS2.

SCA Compliant Gateways with 3DS

RSM2000

RSM2000 is handling security updates for clients directly and is covered under 3DS (not yet 3DS2). There are no changes you will need to make to your gateway settings in Engaging Networks.

Worldpay (WPG)

3DS is supported and covers compliance in our current setup with Worldpay. There are no changes you will need to make to your gateway settings in Engaging Networks.

Pay via PayPal

You do not need to use PSD2 with Pay via PayPal, where it redirects to the PayPal log-on screen, so no changes are needed.

Gateways NOT Yet SCA Compliant

ACI, iATS, Moneris, Vantiv (VAP)

These gateways have either not offered technical solutions to enable 3DS or are primarily used outside of the SCA impacted regions. You may continue using these gateways on Engaging Networks, but please note that those fundraising in the EU or UK will need to use one of the compliant gateways listed above to accept donations from supporters in impacted regions until further updates are made.

PayPal and Stripe digital wallets may also be used in combination with any other gateway on a page and are SCA compliant.

If fundraising with supporters in the EU or UK, please ensure your organization verifies your gateways are SCA compliant in advance of compliance deadlines, to provide additional security for your online donations, and to help deter or thwart fraud attacks. 

Testing 3DS2

We strongly advise that you set up a “test version” of your donation pages, with test gateway credentials assigned to these pages. Only after thorough testing should you make these pages “live” with the payment gateway enabled. 

Your supporters’ interaction with 3D Secure 2 will take place primarily on your fundraising pages, using JavaScript to trigger a “pop-up layer” for the additional authentication steps. You should therefore fully test how it will work on your own donation templates and ensure it works alongside any custom code used on your pages.

If you have any questions, please don’t hesitate to contact Support.

Updated on June 8, 2021
