Strong customer authentication (3-D Secure)

Strong customer authentication (SCA) will be required for most online payments in Europe beginning the 14th of September 2019 as part of PSD2. The purpose of SCA is to increase the security of online payments and thereby limit money-laundering and decrease the cost of payments.

If your Paylike account has 3-D Secure enabled today (enabled by default), you do not have to worry, as 3-D Secure is compliant with SCA. In doubt? Contact us.

Exemptions

Some merchants are or can be exempted from SCA for some or all of their payments. However, issuing banks may force SCA and therefore, most merchants need to integrate with Paylike’s 3-D Secure service or update their integration with Paylike to avoid declined payments due to missing SCA:

  • Subscription businesses
  • Businesses doing merchant initiated transactions, e.g. creating payments based on customers usage
  • Micropayments
  • Businesses which for some reason, e.g. limited 3-D Secure support by issuers in their target country, has 3-D Secure disabled.

As a general rule, SCA is always required, but there are a few exemptions:

Exemption Details
Low-risk transactions The payment provider can do a real-time risk analysis of the transaction to determine if SCA is required, which, among other things, involves the evaluation of the payment provider’s fraud rate. If the risk is deemed low, the exemption can be applied. If the issuing bank risk analysis deems the risk to be high, they will most likely require SCA.
Low-value transactions Transactions below EUR 30 can be exempt from SCA. However, the issuing bank will require SCA for every 5 transactions or if the total amount of transactions without SCA previous to this transaction is above EUR 100.
Fixed amount subscriptions The initial transaction for a fixed amount subscription will require SCA. However, subsequent transactions can be exempt. If the amount changes, SCA will be required.
Merchant initiated transactions Recurring and transactions initiated by the merchant without the involvement of the cardholder, e.g. for a variable amount subscription, can be exempted from SCA.
Inter-regional transactions Payments where either the merchant’s or the cardholder’s bank is located outside the EEA are exempted from SCA.
Trusted Beneficiaries Cardholders can whitelist a merchant to allow the merchant to make transactions without SCA.
Over-the-phone payments (MOTO) Similarly to merchant initiated transactions, MOTO payments can be exempted from SCA.
Corporate payments (B2B) Some limited types of corporate cards may be exempted from SCA. We do not expect this exemption to have a big impact as the type of cards are mostly limited to cards used for travel, e.g. lodge cards, central travel accounts and virtual cards.
Anonymous transactions Transactions through anonymous payment instruments, e.g. prepaid card, may be exempted from SCA.

Prepare for exemptions to fail

The exemptions can be applied by the payment provider (Paylike), but ultimately it’s up to the issuing bank to determine if they allow the exemption. Therefore, you should prepare your integration to handle a request for SCA, e.g. sending an e-mail to a subscriber to re-verify their subscription.

Adding support for strong customer authentication (3-D Secure)

For regular payments (not recurring payments, e.g. subscriptions or merchant initiated transactions), the easiest way of supporting 3-D Secure for SCA is to use our payment popup which has built-in support for 3-D Secure. If you do not use our payment popup, see how to integrate with 3-D Secure here.

If you do recurring, get in touch. We are updating our 3-D secure service to enable you to initiate 3-D Secure for recurring transactions.

If you have any questions about SCA, PSD2 or 3-D Secure, please get in touch.