Strong Customer Authentication readiness

Learn how the Strong Customer Authentication regulation affects your business and how to update your integration to support it.

Strong Customer Authentication (SCA), a rule in effect as of September 14, 2019, as part of PSD2 regulation in Europe, requires changes to how your European customers authenticate online payments. Card payments require a different user experience, namely 3D Secure, in order to meet SCA requirements. Transactions that don’t follow the new authentication guidelines may be declined by your customers’ banks.

To support SCA, you should:

Determine if your business is impacted
Decide which one of the SCA-ready products is right for your business
Make changes now to avoid declined payments

Caution

If you use a third-party plugin, platform, or extension partner from the Partners gallery, contact your Stripe partner to see what (if any) work you need to do to support SCA. Please reach out if you have any questions. You can also see the frequently asked questions for information on SCA enforcement.

Impacted businesses and payments

Update your Stripe integration for SCA if all of the following apply:

Your business is based in the European Economic Area or you create payments on behalf of connected accounts based in the EEA
You serve customers in the EEA
You accept cards (credit or debit)

While some low-risk transactions (based on the volume of fraud rates associated with the payment provider or bank) do not require authentication, banks can choose to not honor these exemptions and request that the customer complete authentication. Even if you’re primarily processing low-risk transactions, update your integration so your customers can complete authentication when requested by the bank. Stripe’s new products and APIs help you claim these exemptions and maximize conversion by only requesting authentication when absolutely necessary. Learn more about SCA exemptions.

SCA-ready products and APIs

Stripe provides prebuilt and customizable solutions to help you meet SCA requirements. Integrations that aren’t SCA-ready, like those using the legacy Charges API, will see high rates of declines as banks begin enforcing SCA.

Whether you collect one-time payments or save cards for later reuse, Stripe has SCA-ready products that let us update your integration for future regulations, with minimal changes required by you.

One-time payments

Accept card payments with the Payment Intents API and Stripe’s new version of Checkout—a prebuilt, Stripe-hosted checkout flow that automatically handles SCA requirements for you. Checkout is customizable and lets you accept payments for one-time purchases and subscriptions on your website.

Reusing cards

Save a card for later reuse with Stripe’s new Payment Intents and Setup Intents APIs. You can also use Checkout—a prebuilt, Stripe-hosted checkout flow—to automatically handle SCA requirements, or use Stripe Billing to handle SCA for subscription models.

SCA Migration

Read the SCA migration guide to learn more about which products are best suited for you. For specific product recommendations based on common business scenarios, check out the SCA payment flows guide.