Payment Plugins - Strong Customer Authentication (SCA) deadline is approaching

Hi everyone,

I wanted to find out what where are we with SCA. If people are not aware, it is sth similar to last year's GDPR, so again for EU based customers - but this time for payments. High level - if a customer is making a purchase, he/she needs to input a bit more details in order to be authenticated. Deadline is 14.09.2019. If we don't oblige, we - people with websites who take money via payment plugins, will not be able to take the money...

If I understood that correctly - those are the involved parties: banks (where customers have credit cards) could/should ask for extra info to authentice teh payment => info is requested to payment gateway=> via payment plugins it connects with our websites. So long story short - we need to be able to send to our payment gateways few more fields (that we are anyway collecting) so they can forward that to the banks to authorise the payment.

All the payment gateways (stripe, braintree etc) are now implementing that thing so if I understand correctly, the only thing to do is to adjust all the payment plugins to send a bit more info to them. And payments plugins were also developed by Tuan and the team, so I would assume you guys are hopefully on top of it.
When can we expect the new versions of payment plugins?

Cheers,
Justyna

Hi Justyna

We are developing a new payment plugin (new kind of Stripe payment option called Stripe Checkout)

Honestly, there are still difficulty which we need to address. We will try to have it available within the next 4 weeks

Regards,

Tuan

Thanks. I'm actually interested in Braintree as this is what I use. When will you have this available? also within the next 4 weeks?

I'm not sure if this is a requirement from Braintree ? If so, do you have link to documentation?

Tuan

Hi Tuan,

This is a requirement for ALL payment processors. Actually, it's a requirements from the UE that forces banks to make sure the payment are validated by a second factor.

For Stripe for instance, when paying with a Visa or Mastercard,they will implement this with 3DS, ie after bank n°, exp date and CVC is sent to Stripe through their API, they will respond that the customer needs to be redirected to their bank. The bank will then send customer a text with a code, or use the bank app to validate the transaction. Then user is redirected to the merchant.

So again, absolutely ALL payments processors are required to do that because it's the bank of the customers that will refuse payment if authentication through a sms or similar is not performed. Braintree or Stripe cannot do anything about it.

With Paypal it's easy because customers already go to Paypal website for payment, so paypal will send them to the bank page, then back to Paypal then back to merchant site.

I urge you to take a closer look because on sept 14, all payments between a EU customer and and a EU merchant will stop working it not implemented.

We will also need some time to install and test any new version of course.

Best regards

Actually, I started working on it and had it working for some of my extensions (Events Booking, Payment Form, Eshop...)

For Membership Pro, it will take more time as we need recurring payment support. I will make sure it will be available before the end of next month

Tuan

Hello

Just want to update that today, I completed the development for MP Stripe Checkout payment plugin (which is compatible with Strong Customer Authentification requirement). You can go to www.joomdonation.com/payment-plugins/mem...payment-plugins.html , purchase MP Stripe Checkout payment plugin to use it

Please note that to make sure old recurring subscriptions will still work, we had to make the new payment plugin has same name with old os_stripe payment plugin. So install new plugin will over-write the old plugin

If you want to test it, better install it before applying to live server, better setup a separate test site

Also, there are some extra settings needed. So please refer to readme.txt file in the payment plugin package for details

If you purchased original Stripe payment plugin in less than 6 months, you can submit a support ticket to ask for coupon code to receive discount for new payment plugin

Regards,

Tuan