PSD2, Strong Customer Authentication and 3D Secure 2.0
As business owners, we receive so many different notifications and alerts every day that it can be a challenge to sort through them all and figure out where action is required. It is likely that you have received communication from your payment processor(s) informing you that the Revised Payment Services Directive (PSD2) goes into effect September 14, 2019, and urging you to update your integration to be in compliance.
In general, the main requirement of PSD2 as it relates to online businesses is Strong Customer Authentication (SCA) – similar to what people refer to as two-factor authentication – which necessitates a 3D Secure (3DS) checkout flow for initial and one-time purchases where both the initiating and acquiring banks are both in the European Economic Area (EEA).
MemberMouse takes very seriously the responsibility to implement security and infrastructure updates for all the payment gateways that we support. Our development team is on track for a new release to allow your site to be in compliance in advance of the mid-September deadline.
There is no action required from MemberMouse customers at this time. The new release of MemberMouse will contain updated payment integrations and incorporate changes necessary for the 3DS checkout flow. A simple manual update to the MemberMouse plugin will be all that’s necessary on your site. Read more below for additional information about specific payment processors’ SCA efforts.
Stripe and Braintree
Stripe and Braintree will both be relying on 3D Secure 2.0 to provide authentication. Applying 3D Secure typically adds an extra step after the checkout where the cardholder is prompted by their bank to provide additional information to complete a payment (such as, a one-time code sent to their phone or fingerprint authentication through their mobile banking app). MemberMouse efforts are focused on working to amend our integration and checkout flow as necessary to support this functionality.
- Stripe’s Documentation: You can read Stripe’s documentation about SCA here.
- Braintree’s Documentation: And Braintree’s documentation can be found here.
Especially interesting to take note of are the exceptions to SCA that each gateway supports and does not support. These can be found in the above linked to documentation.
MemberMouse uses the PayPal hosted integration which means that your customers are automatically directed from your website to PayPal once they’re ready to pay. And since PayPal hosts the payment process, PayPal will augment their “Pay with PayPal” user flow to handle the new Strong Customer Authentication requirements. There will be no work required by merchants.
As of this writing, Authorize.net has not made a public statement nor provided integration guidance. Based on our research and inquiries, it seems that they will not be supporting PSD2. This is only relevant to those customers whose bank is located in the EEA.
MemberMouse will continue to support our Authorize.net integration as is. However, if you are currently processing through Authorize.net, and will be affected by PSD2 because you are located in the EEA, we highly recommend that you evaluate other payment provider options such as Stripe.
If you have additional questions, you should contact Authorize.net directly.
MemberMouse will be contacting our customers directly when the new release is available with upgrade instructions and all other necessary information
We look forward to making the compliance with this regulation simple and straightforward for you, so you can focus on your community and your business.
Cynthia is the Head of Customer Experience for MemberMouse.