SCA Compliance

Strong Customer Authentication (SCA) is a European regulation to reduce fraud during online and contactless transactions.


Stripe

We use Stripe's Payment Intents API to handle our complex payment workflow. It tracks a payment from creation through checkout and triggers additional authentication steps when required.

Some of the advantages of using the Payment Intents API include:

  • Support for Strong Customer Authentication (SCA) and similar regulatory changes

  • Automatic authentication handling

  • No double charges

  • No idempotency key issues (safely retrying requests without accidentally performing the same operation twice)

SCA requirements apply to online card transactions when both the business and the card-issuing bank are located in the European Economic Area (EEA).

NOTE: SCA regulatory requirements may be enforced in the UK, regardless of the outcome of Brexit.

There are some exemptions, such as:

  • Payments below 30€ are considered "low value." They may be exempted from SCA as long as the exemption has been used fewer than five times since the last successful authentication and the sum of previously exempted payments does not exceed 100€.

  • When you use Stripe Radar, Stripe performs a real-time risk analysis to determine whether to apply SCA to a transaction, provided that the payment provider's or card issuer's overall fraud rates are low. Otherwise, either Stripe or the bank may require authentication.

  • Recurring payments to the same business for the same amount require SCA only for the customer's first payment; subsequent charges, however, may be exempted from SCA.

  • Renewals, technically known as "off-session" payments, are marked as "merchant-initiated transactions," which works similarly to requesting an exemption.

NOTE: The bank has the final word on whether the transaction requires authentication, regardless of the exemption.

Authorize.net

We could not find information or announcements from Authorize.net about SCA Compliance, which may indicate that they are not compliant as of now, nor any payment solution that integrates with Authorize.net. If your clients are outside the European Economic Area, these regulations won't affect you.

PayPal

PayPal is SCA compliant and handles the authentication requests and processing for you.
