As part of a new EU directive known as PSD2 (Payment Services Directive Two), donation gateways in Europe are now required to increase the security of payments that they receive from supporters, via a process called SCA (Strong Customer Authentication).
The initial deadline for complying with the new SCA requirements was 14 September 2019. However, the European Commission has granted the UK an additional 18-month implementation period, meaning banks will not be required to fully comply with SCA until March 2021. Other European countries may likewise receive extended deadlines, but this is uncertain.
What is SCA?
You have probably already seen an online payments process in which you are redirected to a message from your bank, prompting you to enter a password. This process is known as “3D Secure,” and may already be implemented on your gateway(s).
Under the SCA rules, the user is not redirected to a screen (the exception is the RSM payment gateway, which will redirect). Instead, if the bank decides that it requires more credentials, a pop-up message is displayed asking the end user to type in a password or a code received via text message. This new authentication method is referred to as “3D Secure 2.”
What we are doing: Gateway upgrades
The Engaging Networks team are working with all of the gateways that we support, and which process payments in Europe, to upgrade our software connections to support the PSD2 directive.
By the time of our next software release — several weeks from now — the following gateways will support 3D Secure 2:
Paypal Pro ✓
What about Worldpay and iATS and Pay via Paypal?
Because 3D Secure (1) is already supported in our current setup with Worldpay, and because of the recent postponement of the 3D Secure 2 deadline, we have chosen to tackle Worldpay’s 3D Secure 2 upgrade in a future software release.
We are still awaiting technical implementation requirements from iATS, and at this time no solution for 3D Secure 2 has been offered. In order to meet the SCA requirement, we will update our integration with iATS to support 3D Secure 1, until iATS provides a solution to enable technology providers to integrate 3D Secure 2 with the APIs provided by iATS.
Pay via Paypal
Pay via Paypal redirects to the Paypal logon screen, so you do not need to use PSD2 with it and no changes are needed.
What you need to do
In the UK, SCA compliance will not be required for 18 months, and it is likely that other European countries will follow a similar implementation period, too. However, we recommend implementing this new technology sooner, to provide additional security for your online donations, and to help deter or thwart fraud attacks. Therefore, keep an eye out for emails from us and from your payment gateway, providing more information on upgrades and what you can do to set up 3D Secure 2 and then test it to make sure it works.
A final note on testing
We strongly advise that you set up a “test version” of your donation pages, with test gateway credentials assigned to these pages. Only after thorough testing should you make these pages “live” with the payment gateway enabled.
If you have any questions, please don’t hesitate to contact Support, and keep an eye out for more updates from us in the near future.