Are you collecting Stripe payments in your WordPress forms? Find out how the European Strong Customer Authentication (SCA) requirements affect you. Plus, learn more about Formidable Stripe v2.0.
Europe is making more big moves in protecting personal information. First, GDPR compliance took the internet by storm in 2017. Now that personal information is protected, electronic payments are up next.
On September 14th, 2019, Strong Customer Authentication (SCA) will go into effect. For now, these requirements affect companies in the European Economic Area who collect payments from customers in the EEA.
What's the point of Strong Customer Authentication (SCA)?
SCA requires multi-factor authentication for better card security. In-person credit card payments meet this requirement with the card chip reader and pin number. But online card payments don't have the same security as those made in-person.
With SCA, some accounts must authenticate online payments with the card issuer. This can greatly reduce fraudulent payments and protect card holders.
Does SCA benefit vendors?
Although the extra steps to authenticate a payment may cause a drop in conversion rates, vendors get positive benefits as well. Any payments authorized with 3D secure processing come with great fraud protection. The fraud liability is shifted away from you, to the card issuer.
No more chargebacks!
How does SCA affect my Stripe payment forms?
3D secure payment processing fills the need for extra verification. When a card needs authentication, the customer is sent to the card issuer (ie Visa, MasterCard). This will happen through a popup before form submission, or redirection after submit. Here they will verify the payment and then return to your site.
Depending on the complexity of your payment settings, you can process the payment before entry submission or after. If your forms are simple, you can use the popup verification before. This feels like less of an interference with the payment process in your forms.
For more complicated forms, payment verification will need to be done after the entry is created. This includes forms with optional online payment processing, or custom code to set the final price. Once the entry is finalized and all the needed processing done, the final payment amount can be set.
Currently, the Stripe API doesn't have an option to setup new subscriptions using the pop-up method. For now any recurring payments are made after entry creation, as it did before Formidable Stripe v2.0.
Does this affect me if I'm not in the EEA?
If your company is based outside of the EEA, you won't be penalized if your payments forms fail to meet the SCA requirements. However the updates for 3D Secure payments also make your site as PCI compliant as you can get.
With the Formidable Stripe plugin, credit card details are no longer included in the forms on your site. The field appears in the same place in your payment forms as before, but is now an iframe hosted by Stripe. This means they handle all the compliance and the info will never have the chance to touch your server.
At times, PCI compliance may need verification. With Formidable Stripe 2.0+, you can download the compliance verification right from your Stripe account. It's automatically generated for you. Easy, huh?
What else is new in Formidable Stripe v2.0?
Stripe elements for generating credit card fields
Before Formidable Stripe v2.0, the HTML for the credit card field was generated by Formidable. Now it is Stripe Elements handles it to give you the most secure option available. This new field looks a bit different, since Stripe will include any extra fields you may need. If you require zip codes to verify cards, it'll be there for you.
This new credit card field also validates as you go, and instantly shows messages about an invalid card number, expiration date, or CVC number. Your customers get a more frictionless way to pay you, which leads to better conversion rates.
Secure payment processing has a few side effects that may interfere with the way you have been processing payments. Many of the options in the credit card field settings been removed. This includes placeholders and options to save card numbers.
Now that the card field is handled by Stripe, it isn't possible to save card numbers on your site. In most cases, this is good news. Saving cards on your site opens the door to major PCI compliance issues. Unfortunately, we see a lot of people who didn't realize it isn't a safe option on their site.
Authorize and capture payments separately
Are you among the group that has been requesting the option to process payments manually later? Wish granted. Each one-time payment Stripe form action now includes an option to capture payments at the time of submission or later.
If you opt for later, you can manually trigger the payment anytime within 7 days. This can be done on the Formidable → Payments page or directly in your Stripe account.
Get fraud protection and SCA compliance
Now you know what the Formidable Stripe plugin can do for you. Go to your WordPress plugins page to update today.
Not using Formidable Forms yet? Get started today.