Strong Customer Authentication
On 14 September 2019, new requirements for authenticating online payments known as Strong Customer Authentication (SCA) will be introduced in the European Economic Area. SCA is a new European regulatory requirement to reduce fraud and make online payments more secure. As part of SCA, banks will begin to decline payments that require additional authentication but none was provided. Although we anticipate a gradual enforcement of SCA, we expect the first banks to start declining payments without two-factor authentication on 14 September.
Does SCA affect me?
Strong Customer Authentication will apply to “customer-initiated” online payments within Europe. As such, SCA will have the most impact on property managers who are either based in Europe or have a large percentage of European guests. However, it should be noted that European cardholders, in general, may be required to authenticate their purchases and thus, all users will experience some need to adjust to a larger percentage of declined transactions.
What is Tokeet doing about SCA?
Tokeet has been working closely over the past few months with our payment processors, banks, and channel partners to prepare for the implementation of SCA. In preparation for these new regulations, we have upgraded our systems in the following ways.
1. Tokeet's Billing Info page for subscription payments.
If you already have your credit card on file with Tokeet there should be no need to update or authenticate it. For newly added cards, once authenticated, subscription renewals should process automatically without needing to be re-authenticated. Keep in mind that not all cards will require authentication. You will be notified via email should any of your subscription payments fail to process. If this happens, simply login to Tokeet and re-enter your card info. Your subscription will be canceled after 5 failed attempts to charge your card.
2. Tokeet invoices sent to guests.
Invoices sent to your guest via Tokeet have been fully upgraded to meet SCA requirements and will now offer 2 factor authentication when required. The authentication process for one time payments will be determined by the requirements set by the guest's bank. You don’t need to do anything here, we’ve made all the updates for you.
3. Card info provided by channel partners.
When a guest’s card details are provided by a channel partner and saved in your connected Stripe account you may charge the card from within Tokeet. Please note that if the charge fails it is recommended that you send the guest a Tokeet invoice for payment prior to marking the card as declined in the channel. This is because a decline due to SCA will not be resolved by the guest adding another card via the channel.
You will also most likely see a banner at the top of your screen when viewing your payments that says "The payments on this page didn't use an SCA-ready product. Until you update your integration, payments like these are at risk of being declined."
This message is expected as EEA restrictions are not placed on users with cards originating outside of the EEA. The pay by saved card option is not SCA-ready by definition, as no authentication is possible when requesting payment via this method.
If you would like more information on these new regulations please see the following resources.
https://en.wikipedia.org/wiki/Payment_Services_Directive
https://stripe.com/guides/strong-customer-authentication
https://support.stripe.com/questions/strong-customer-authentication-sca-enforcement-date