On Tuesday, Stripe, the online payments platform provider, announced that it has upgraded its products to be compliant with Strong Customer Authentication (SCA) under the second Payment Services Directive (PSD2).
This announcement comes just after Stripe confirmed that it has acquired Touchtech Payments, a Dublin-based payments start-up. Touchtech Payments is a provider of advanced SCA-compliant authentication technology for Europe’s fintechs and challenger banks, like N26, TransferWise, and many more.
From 14 September 2019, all the authenticating online payments in Europe will be required to comply with the SCA, which is a new European regulation introduced to reduce fraud and make only payments safer. It will be applicable to customer-initiated online payments within Europe, which includes most card payments and all bank transfers.
To be SCA compliant, online payments platform need to have additional authentication mechanism in their payment flow. It should have at least two of the following requirements:
- Something the customer knows like a password or PIN
- Something the customer has like phone or hardware token
- Something the customer is like fingerprint or face recognition
Making online payment platforms compliant with this regulation will not be an easy task for individual banks and payment providers across Europe. Additionally, a new step in the authentication can also cause some friction in payments and hinder user experience.
So, to ease this process, the Stripe payments platform will take up the responsibility of analyzing each transaction to check whether it needs an additional authentication required or not. If required, Stripe will authenticate the transaction with appropriate new technologies.
Updates are made in the following products:
The Payment Intents API
This new Payment Intents API will enable businesses to easily build SCA-compliant fully-customized, dynamic payment flows. This API tracks the state of payment and triggers additional authentication when needed.
Upgraded Stripe Checkout
Stripe Checkout, a smart payments page, enables businesses to start accepting payments with just a few lines of code. The latest version of Stripe Checkout is capable of dynamically detecting when SCA is required and triggers authentication when necessary. Dynamic 3D Secure provides an additional layer of authentication for credit card transactions.
3D Secure 2 support
Stripe supports 3D Secure 2 on the new Payments Intent API and Checkout. 3D Secure 2 aims to address all the limitations in 3D Secure 1 by introducing “less disruptive authentication and better user experience.”
With this authentication process, businesses and their payment providers are can send more data elements on each transaction to the cardholder’s bank. This data may include payment-specific info like shipping address, the customer’s device ID, or previous transaction history. The cardholder’s bank can then use this data to calculate the risk level of the transaction and take a suitable response.
Upgraded Stripe Billing
Billing makes recurring billing process for SaaS and subscription-based companies smoother. Along with SCA-compliance, the company also announced that the product is now available for all the businesses in Europe.
Tara Seshan, product manager for Stripe Billing, said in a press release, “With Stripe Billing, companies of all sizes now have access to advanced invoicing tools that will also help them comply with SCA and VAT requirements.”
In the next few weeks, the company plans to roll out tools in the Stripe Dashboard for business already using Stripe to make them ready for SCA.
Read the official announcement on Stripe’s website.
*** This is a Security Bloggers Network syndicated blog from Security News – Packt Hub authored by Bhagyashree R. Read the original post at: https://hub.packtpub.com/stripe-updates-its-product-stack-to-prepare-european-businesses-for-sca-compliance/