Payment gateway upgrades: PSD2 and SCA

As part of an EU directive known as PSD2 (Payment Services Directive Two), donation gateways in Europe are now required to increase the security of payments that they receive from supporters and reduce fraud, via a process called SCA (Strong Customer Authentication).

The deadline set by the European Commission for EU compliance was Dec. 31, 2020, while the UK has further extended the implementation period whereby banks will not be required to fully comply with SCA until March 14, 2022. 

What is SCA?

You have probably already seen an online payments process in which you are redirected to a message from your bank, prompting you to enter a password. This process is known as “3D Secure,” and may already be implemented on your gateway(s). 

Under the SCA rules, the user is not redirected to a screen (except for the RSM payment gateway). Instead, a pop-up message is displayed if the bank decides that they require more credentials, asking the end user to type in a password or a code that the user received via text message. This authentication method is referred to as “3D Secure 2.”

Who is impacted by SCA requirements?

Those accepting online payments where both the acquiring (i.e. organization’s) bank and the issuing (i.e. supporter’s) bank are located in the EU or UK are subject to SCA compliance. With unknown impact of enforcement policies, it is recommended to be prepared as early as possible to ensure criteria are met and donations can be accepted smoothly. 

SCA Compliant Gateways with 3DS2

The following gateways are SCA compliant, supported with 3D Secure 2 on Engaging Networks:

  • Payflow 

  • Paysafe 

  • Stripe 

  • Moneris

  • RSM 

  • Worldpay – from 14th October 2022

Please contact Support with any questions in ensuring your gateway implementation is set up to support 3DS2.

Peer-to-peer

PSD2 is currently supported on the Peer-to-Peer module exclusively through Stripe 3DS2 ONLY. The information above relates to gateway compliance on all other fundraising modules on Engaging Networks.

Pay via Paypal

You do not need to use PSD2 with Pay via PayPal, where it redirects to the PayPal log-on screen, so no changes are needed.

Gateways NOT Yet SCA Compliant

PayPal Pro

As of October 2022, PSD2 will not be supported for PayPal Pro, due to PayPal’s removal of CardinalCommerce, which handled the authentication processes, from the API we use to connect. 

However, Pay Via PayPal is supported (this is where the supporter is redirected to a PayPal logon page). 

ACI, iATS, Vantiv (VAP)

These gateways have either not offered technical solutions to enable 3DS or are primarily used outside of the SCA impacted regions. You may continue using these gateways on Engaging Networks, but please note that those fundraising in the EU or UK will need to use one of the compliant gateways listed above to accept donations from supporters in impacted regions until further updates are made.

PayPal and Stripe digital wallets may also be used in combination with any other gateway on a page and are SCA compliant.

If fundraising with supporters in the EU or UK, please ensure your organization verifies your gateways are SCA compliant in advance of compliance deadlines, to provide additional security for your online donations, and to help deter or thwart fraud attacks. 

Testing 3DS2

We strongly advise that you set up a “test version” of your donation pages, with test gateway credentials assigned to these pages. Only after thorough testing should you make these pages “live” with the payment gateway enabled. 

Your supporters’ interaction with 3D Secure 2 will take place primarily on your fundraising pages, using Javascript to trigger a “pop-up layer” for the additional authentication steps. You should therefore fully test how it will work on your own donation templates and ensure it works alongside any custom code used on your pages.

If you have any questions, please don’t hesitate to contact Support.