Strong Customer Authentication threatens to add friction to the checkout process. Stripe will discuss what this really means for app users and how retailers can prepare for the change.
21. THE GROWING COMPLEXITY OF ONLINE PAYMENTS
REGULATION (e.g. PSD2, SCA, GDPR)
TECHNOLOGY (e.g. 3D Secure 2, Open banking)
CUSTOMER HABITS (e.g. mobile first, local payment methods)
22. 2019: As part of PSD2, Europe enforces Strong Customer Authentication on online payments.
27. PSD2 requires European online payments to be authenticated
1 Customer-initiated payments: most card payments and all credit transfers.
2 Payments within EEA: both issuer and acquirer are located in the EEA.
3 Enforced from September 14: issuers are required to decline non-compliant transactions from September 14, 2019.
ONE-LEG / TWO-LEG
28. AUTHENTICATION WITH 2 OR MORE ELEMENTS
Something they OWN (e.g., phone or hardware token)
Something they ARE (e.g., fingerprint or face ID)
Something they KNOW (e.g., password or security question)
31. SCA HURTS CONVERSION
Average drop-off rate in Europe when using 3D Secure: ↓ 11%
Mastercard estimates that the number of transactions requiring 3D Secure will triple as a result of SCA: 19% → 57%
32. 3D SECURE 2: A BETTER AUTHENTICATION EXPERIENCE
UX-improvement
Ability to apply exemptions
3D Secure 2 will be progressively supported among issuers starting April 2019.
33. PAYMENTS THAT CAN BE EXCLUDED FROM SCA
Website Payments Standard Integration Guide (payment-integration-guide.pdf, Portable Document Format (PDF), 466 Pages)
Second Payment Services Directive (PSD2)
Strong Customer Authentication
EXEMPTIONS
Trusted beneficiaries
Low transaction value (<€30)
Transaction Risk Analysis (TRA)
Recurring payments
Contactless payments
Corporate payments
OUT OF SCOPE
Merchant-initiated transactions (MIT)
MOTO
34. WHAT PAYMENTS CAN BE EXCLUDED?
TRUSTED BENEFICIARIES
Whitelist businesses you trust to avoid subsequent authentication.
35. WHAT PAYMENTS CAN BE EXCLUDED?
LOW-VALUE TRANSACTIONS (Below €30)
Transactions below €30 may be exempted from SCA.
LOW-RISK TRANSACTIONS (Below €100, €250, or €500)
Low fraud PSPs can exempt transactions below a specific amount threshold.
Stripe’s real-time risk scoring unlocks this exemption
36. WHAT PAYMENTS CAN BE EXCLUDED?
SAME-AMOUNT SUBSCRIPTIONS
The first payment requires SCA, subsequent payments may be exempted.
€10 €10 €10 €10
37. WHAT PAYMENTS CAN BE EXCLUDED?
MERCHANT INITIATED TRANSACTIONS
INITIATE TRANSACTION / SAVE CARD
Off-session transactions with saved cards are considered as merchant-initiated and outside the scope of SCA.
38. “Using exemptions to limit authentication will be tomorrow’s biggest conversion driver.”
39. A COMPLEX REGULATION THAT’S DIFFICULT TO NAVIGATE
EU REGULATION: EU high level requirements
NATIONAL REGULATORS INTERPRETATION: GB regulator, FR regulator, DE regulator, …
CARD NETWORK RULES: Visa, Mastercard, Cartes Bancaires, …
ISSUER IMPLEMENTATION: HSBC, Barclays, Deutsche Bank, BNP Paribas, …
TRANSACTION CHARACTERISTICS: Amount, On-session / off-session, Recurring / one-off, …
40. A COMPLEX REGULATION THAT’S DIFFICULT TO NAVIGATE
Taking on the complexity
Helping you optimise conversion by minimising the need for SCA
EU high level requirements
GB regulator, FR regulator, DE regulator, …
Visa, Mastercard, Cartes Bancaires, …
Amount, On-session / off-session, Recurring / one-off, …
HSBC, Barclays, Deutsche Bank, BNP Paribas, …
41. THE CHALLENGE OF SCA IN A NUTSHELL
Your payments will be declined if you don’t support authentication.
A simple and unified integration for all major authentication methods (incl. 3D Secure 1, 3D Secure 2, Apple Pay).
Poor authentication UX will lead to high customer drop-off.
API and UI components to build the payments experience that’s right for you, with in-checkout authentication and web-responsive UI.
Exemptions are key for better conversion — but difficult to manage.
Dynamic authentication engine that optimises the use of exemptions, with support for real-time transaction risk analysis.
Issuer logic will evolve over time.
Sophisticated authentication logic maintained and updated by Stripe to help you stay ahead of changing regulation.
42. STRIPE.COM/GUIDES
STRIPE GUIDE: Understanding Strong Customer Authentication
STRIPE GUIDE: 3D Secure 2: A new authentication standard