I wanted to find out what where are we with SCA. If people are not aware, it is sth similar to last year's GDPR, so again for EU based customers - but this time for payments. High level - if a customer is making a purchase, he/she needs to input a bit more details in order to be authenticated. Deadline is 14.09.2019. If we don't oblige, we - people with websites who take money via payment plugins, will not be able to take the money...
If I understood that correctly - those are the involved parties: banks (where customers have credit cards) could/should ask for extra info to authentice teh payment => info is requested to payment gateway=> via payment plugins it connects with our websites. So long story short - we need to be able to send to our payment gateways few more fields (that we are anyway collecting) so they can forward that to the banks to authorise the payment.
All the payment gateways (stripe, braintree etc) are now implementing that thing so if I understand correctly, the only thing to do is to adjust all the payment plugins to send a bit more info to them. And payments plugins were also developed by Tuan and the team, so I would assume you guys are hopefully on top of it.
When can we expect the new versions of payment plugins?
This is a requirement for ALL payment processors. Actually, it's a requirements from the UE that forces banks to make sure the payment are validated by a second factor.
For Stripe for instance, when paying with a Visa or Mastercard,they will implement this with 3DS, ie after bank n°, exp date and CVC is sent to Stripe through their API, they will respond that the customer needs to be redirected to their bank. The bank will then send customer a text with a code, or use the bank app to validate the transaction. Then user is redirected to the merchant.
So again, absolutely ALL payments processors are required to do that because it's the bank of the customers that will refuse payment if authentication through a sms or similar is not performed. Braintree or Stripe cannot do anything about it.
With Paypal it's easy because customers already go to Paypal website for payment, so paypal will send them to the bank page, then back to Paypal then back to merchant site.
I urge you to take a closer look because on sept 14, all payments between a EU customer and and a EU merchant will stop working it not implemented.
We will also need some time to install and test any new version of course.
Last edit: 1 month 3 weeks ago by Yannick Gaultier.
Please note that to make sure old recurring subscriptions will still work, we had to make the new payment plugin has same name with old os_stripe payment plugin. So install new plugin will over-write the old plugin
If you want to test it, better install it before applying to live server, better setup a separate test site
Also, there are some extra settings needed. So please refer to readme.txt file in the payment plugin package for details
If you purchased original Stripe payment plugin in less than 6 months, you can submit a support ticket to ask for coupon code to receive discount for new payment plugin