Enabling Strong Customer Authentication (SCA) in WordPress


There are many things to consider when buying and selling items online. Whether you have a large eCommerce operation or a side-gig selling products on eBay, protecting yourself and your customers against fraud should be a central part of your business plan. 

With that in mind, Strong Customer Authentication (SCA) is a way to verify the identity of anyone initiating a purchase online. In fact, the European Union (EU) has included this particular process in its revised Payment Services Directive (PSD2) regulations. It’s now a requirement for merchants conducting sales in the European Economic Area (EEA) to enable SCA methods during checkout. 

In this article, we’ll provide an overview of what SCA is and how it can impact WordPress users. We’ll also take a look at some SCA-ready plugins and services. Let’s dive right in!

What Is Strong Customer Authentication?

When it comes to the regulation of online and digital activities, the EU has been quite active recently. One example is the recent General Data Privacy Regulation (GDPR), which has had an impact on websites and businesses of all types.

Turning its attention to online payment security, the EU enacted a law in September 2019 that requires merchants to use SCA at checkout if the customer’s bank or card issuer is a part of the EEA. This means that verification of the customer’s address or card CVV alone is no longer enough to verify their identity and complete a transaction. 

SCA employs Two-Factor Authentication (2FA), meaning that customers will have to fulfill two of the three verification methods available: 

  • Knowledge. To fulfill this method, the user would need to enter something only they know, such as a predesignated PIN or password. However, the information cannot be a card number, CVV, or expiration date.
  • Possession. This option involves using something only the customer possesses, such as a personal phone or other mobile device.
  • Inherence. This is where biometric technology comes in. This method generally involves verifying the customer via a fingerprint, iris scan, or facial recognition. 

For now, if you’re a merchant in the US, you don’t have to comply with the SCA requirement unless you are actually registered in the EEA. However, making sure you are SCA-ready can help you retain customers. Otherwise, you may find that customers are unable to complete purchases if they are using an EEA-issued payment method. 

SCA Impacts on WordPress Users

Global online sales have hit $3.53 trillion in 2019, and projections continue to trend upward over the next few years. With that in mind, even if you’re a merchant that’s physically located outside of the EEA, you can’t really ignore SCA.

This is especially true if you’re using WordPress to host your eCommerce store. Since the combination of WordPress and WooCommerce is the most popular eCommerce solution on the market, it makes sense to pay close attention to how SCA is handled by both platforms.

One of the best things about WordPress is that it opens up the opportunity to participate in the global market to just about anyone. If you’re selling anything online, there’s a chance you’ll have customers in the EEA. Therefore, we recommend staying ahead of the curve.

You can do this by making sure your WordPress website is ready for SCA. In fact, many big-name eCommerce entities, such as Apple, have already implemented SCA methods. Similarly, many of the most popular payment platforms have also made adjustments to accommodate SCA requirements. 

SCA-Ready Plugins and Services

Staying on top of changes to the digital regulation landscape can set you apart if you’re running or designing websites. Whether you’re working for yourself or a client, knowing what plugins and services are already SCA-compliant can be a real time saver as well. 

There are a number of well-known payment options that have already made an effort to be SCA-compliant. For example, WooCommerce has made it easy to review the SCA status of all the payment gateways you can use with its platform, including: 

  • Stripe. Stripe is a popular payment option that’s available in over 40 different countries, and can deal in more than 135 currencies. 
  • Amazon Pay. While this payment option is a part of the booming Amazon system, Amazon Pay is only offered in 17 countries. However, it is SCA compliant and a trusted brand name. 
  • Klarna Payments. This is a payment system offered by one of Europe’s largest banks, and is available for merchants selling products in central Europe, Scandinavia, the United Kingdom, and the US. 
  • Klarna Checkout. Offered as a companion option for Klarna Payments, this checkout feature provides a well-tested and optimized checkout experience.
  • Sofort. This is another large, European bank option that covers 13 countries and four currencies (but does not include the US dollar). 
  • Global Payments Gateway. As the name suggests, this gateway is expansive and flexible. It includes over 140 payment methods, and operates in 170 different countries.
  • PayPal. A trusted name in online payments, PayPal from Braintree makes it possible for all US and non-US store owners to accept many forms of payment, and offers an easy setup process. 

Globally, PayPal is the third most-used payment gateway, followed by Apple and Amazon Pay. Since 54% of customers surveyed said that having more payment options makes a difference in their checkout experience, and a lack of payment options is a major contributing factor to shopping cart abandonment, it’s good that so many popular options are already SCA compliant.

Ensuring That Your Site Is SCA Compliant

When you make sure that your site is SCA compliant, you’re really shifting the burden of verification back to the card issuer. While some business owners have feared that the added steps during checkout will impact their conversion rates, this is a step that should benefit your site in the long run.

The goal of SCA is to decrease the frequency of payment fraud online. Consequently, ensuring that your WordPress site is SCA compliant is a smart move. One of the easiest ways to do this is to make sure you’re using one of the SCA-friendly payment gateways from our list above.

For example, the Stripe WordPress plugin offers extensive documentation on SCA compliance. In fact, once you configure the plugin for SCA, you can use Stripe’s 3D Secure test cards to make sure your checkout experience is working correctly. 

Keep Your Site Up to Speed With WP Engine

Staying abreast of changes to eCommerce compliance requires excellent developer resources and a secure, professional web host.

Here at WP Engine, we offer plans and solutions that can keep you up-to-date and compliant with important regulations. Check out our hosting plans for your next project!
