What is Strong Customer Authentication
Strong Customer Authentication is a new European regulation coming into effect on September 14 2019, which will require that customers authentication themselves for many online payments. This will be done by asking the customer two of the following:
- Something you know (e.g. PIN or password)
- Something you have (e.g. card number/phone number)
- Something you are (e.g. fingerprint / face recognition)
It will be the issuer’s responsibility to request authentication and verify the responses, and they may, under certain circumstances forgo the authentication depending on their own risk assessment. However, if the issuer does request additional authentication and your checkout process does not support it, this will potentially lead to a high level of failed charges.
If you are using Event Organiser to sell tickets and accept card-payments online then you will need to update Event Organiser Pro and your payment gateways when those updates become available (see below).
Who is impacted?
Merchants that are located in the EU and sell online to EU customers. Additionally there are exemptions that can be applied by the card issuer for low risk and low value transactions, but this should not be relied upon.
In terms of payment gateways, you do not need to take any further action if you use:
- PayPal (Website Standard Payments – included as part of Event Organiser Pro), or PayPal Express Checkout – as any authentication steps will be handled by PayPal
- iDeal – again as any authentication steps will handled in the off-site checkout flow
- Offline – as these rules apply to online payments only
- Or generally any other gateway in which you redirect the customer to the gateway to complete payment (assuming the gateway has explicitly said they support Strong Customer Authentication).
You will need to update both Event Organiser Pro (to version 3) and the gateway extension for:
- Any other gateway in which you collect card details on your site.
What do I need to do?
Nothing yet, but when the updates become available you will need to:
- Update your payment gateway extension (e.g. Stripe, iDeal).
- Update to Event Organiser 3
Announcements will be made nearer the time. Please note that even after updating the payment gateway, you will still need to upgrade to Event Organiser Pro 3 to be SCA compatible.
Event Organiser Pro 3
In order to support SCA, Event Organiser will need to change how the checkout process works. Currently, a booking is made and payment confirmed in one step. To allow for potential additional authentication, Event Organiser Pro 3 will split the booking into a multiple-step process, whereby a booking is made and then (if applicable), customers are prompted to pay. This will all happen on the same page, without the need for a page reload.
This all involves a breaking change to the checkout process, which means before upgrading to Event Organiser Pro 3 you will need to ensure you have updated the payment gateways you use to a version that supports it. These updates will be announced in August.
Further information will be made available in the coming weeks about the changes that will be made in Event Organiser 3, and how they will impact your site. Generally speaking, if you have not made any in-code customisation to the booking form or the templates, or implemented your own payment gateway, you shouldn’t need to do anything.
When will updates become available?
Event Organiser Pro 3 will be made available by the end of August, with a beta version available before then.
Updates to the payment gateways Stripe, iDeal & PayPal Express Checkout will be made available by mid-August. These will be backwards compatible so that you are able to update them ahead of Event Organiser Pro 3.