New european regulation for digital payments,
how to comply with the SCA in your webs and apps using Stripe.

July 22th, by Xavier Bassols

New european regulation for digital payments,

how to comply with the SCA in your webs and apps using Stripe.

July 22th, by Xavier Bassols

The new European law for electronic payments Strong Customer Authentication (SCA) will come into effect on September 14th 2019. The law addresses the current state of the electronic transactions and introduces the usage of the new protocols PSD2 (Payment Services Directive 2) and 3DS2 (3D Secure 2).

The goal of such law is to reduce fraud in online payments in any electronic form, such as websites or apps.

So if you don’t want to run into unsuccessful payments in your website or app, keep reading!

Some history about 3DS2

3DS1 was designed to add a new layer of protection against electronic transactions.

As we all know, 3DS1 forces a redirection to the bank website through an iframe, verifies the entire process with a bank key (or similar) and goes back to the seller’s page.

The entire process can make the user give up the purchase due to the length and the annoyance of the procedure. As a result, 3DS2 was introduced by EMVCo to improve the user experience of electronic payments.


Which business are affected?

  • Business from the European Union.
  • Business with clients from the European Union.
  • Business that accept payments with cards.

Consequently, every online business that doesn’t comply with the new directive will run into issues with electronic payments. A recent study by Stripe found that the sum of transactions that will not comply with the directive and because of that be denied could approximately be worth 57 billions of euros.

How will this affect my website or app?

3DS2 is simple, very simple. For every transaction, the client transfers much more information to the seller so the bank can assess the validity of the purchase with the following criteria:

  • If all the data is valid, the user doesn’t need to do anything else. This process is similar to the one-click purchase that we are all so used to. The app or the website will already have the card details so the user only needs to click on ‘pay’.
  • If the bank feels like some data is flawed or incomplete, it will proceed to request more information. In this case, the rest of the process will be done natively, by letting the banks incorporate workflows such as verification via fingerprint or facial recognition.

How do I update my website or app?

If you own a website or application that supports online payments via Stripe (or similar), you will need to make some modifications both in the client and the backend so they comply with the new legislation.

Dribba is already implementing the required changes so our clients don’t see their service disrupted once the law comes into effect Both the native modules for iOS (Swift y Objective-C), Android (Java y Kotlin), Flutter y React Native and the different backend workflows are ready.

If you own a website or app with either single or subscription payments and you want to implement the new SCA protocol required to keep operating in the European Union, don’t hesitate to call us at +34 93 408 90 30 or send us an email at [email protected] so one of our engineers can further discuss your individual situation with you.

Related news