More and more people choose online shopping because it's convenient and time-saving. In the era of globalization with rapid changes in technology, eCommerce is booming at an unprecedented speed.

That's why new security rules are updated continuously to ensure the benefits of vendors and customers.

Have you ever heard of SCA?

What is SCA?

SCA stands for Strong Customer Authentication, a new regulation for European customers when authenticating online payments. This new rule is expected to make online payments more secure.

IMPORTANT. This new rule will come into effect on September 14, 2019, as part of PSD2 (The Second Services Directives).

After that day, if you do not change your checkout flow properly, your business activities can be interrupted as online transactions are declined by your customers’ banks.

What is SCA
What is SCA

You guys can check out the original requirements of SCA - documented by European Union Law via

A new specification: 3D Secure 2.0

People are more familiar with 3D Secure 1.0 which redirects you to a new page for a code input during your eCommerce card transactions in order to ensure that you are exactly the person you say you are.

Actually, 3D Secure 1.0 is not good for your customers’ shopping experience. As you can see, the added layer of additional security can annoy your customers that leads to lower conversion rates.

Following with SCA, 3D Secure 2.0, a new specification is introduced to simplify the collection process of SCA information at the time of the transaction.

The first advantage is that it removes the clunky redirect. 3D Secure 2.0 uses certified SDKs and APIs to connect with banks and share customer data for authentication.

IMPORTANT. In April 2019, both Mastercard (Isser Mandate, Global) and Visa (Issuer Mandate, Europe) were ready for PSD2 by being 3D Secure 2.0 Compliant. It is projected that 3D Secure 2.0 will have launched in 2020 and onward.

Who needs to prepare for SCA?

Obviously, if your company is located in the European Economic Area (EEA) or you serve customers in European countries, you should add this update to your must-to-do list. The United Kingdom is the only place that is uncertain about SCA enforcement because of the Brexit delay.

How SCA changes the checkout flow?

1. Initiate a payment: Your customers will provide their detailed information and complete the checkout form.

2. Trigger dynamic authentication: Two-factor authentication is the core factor.

In order to accept payments with SCA, you need to build additional authentication using at least 2 of 3 elements: First, something you know (Password, Passphrase, Pin, Sequence, Secret fact); Second, something you own (Phone number; Wearable device, Smart card, Token, Badge); Third, something you are (Fingerprint, Facial features, Voice patterns, Iris format, DNA signature).

3. Complete the payment.

Basically, authentication is the added step into the payment process, right before authorization, which helps improve security for your online transactions.

Different business scenarios

To illustrate the impact and application of SCA, we’ve outlined how an authentication step can fit into payment flows for different business models.

1. eCommerce: One-time payment. Card not saved.

Customers are typically charged while they’re on-session and their card information is not saved for future payments. It should be easy to add authentication into this payment flow. You just need to authenticate with 3D Secure right after customers fill in their card details and place their orders.

2. Ridesharing: Payment captured within seven days of authorization. The final payment amount may change.

Ridesharing businesses and other on-demand marketplaces can authenticate with 3D Secure right after a ride is requested by customers. At that time, they’re still on-session.

If the final amount is more than the originally authenticated, the authentication need to repeat for the increased amount. If the final amount is less than the originally authenticated, no need to authenticate again.

You can also choose to authenticate and authorize for a larger amount when customers first request a ride. However, it will create unsafe feelings for your customers.

3. Crowdfunding: Payment captured more than seven days after authorization.

For crowdfunding platforms, payments are captured when a campaign ends up successfully. You can authenticate with 3D Secure when a customer pledge to donate, and authorize and capture later.

4. Rental: Payment captured more than seven days after authorization. Final payment may change.

You should divide the payment into separate charges and authenticate with 3D Secure first for the estimated cost and later to cover any incidentals.

5. Memberships: Recurring payments. Fixed amount.

3D Secure authentication is required for the payment that starts the subscription. Remember that any recurring payments started before September 14 are SCA exemptions.

6. Utility Bill: Metered billing. Recurring payments.

3D Secure authentication is required when a customer saves their card to set up automatic payments. To do this, the customer would complete 3D Secure authentication outside of a transaction.

Be ready for SCA with our payment solutions

Are you wonder how to comply with the new authentication rule in order not to freeze your business operation? The fastest way is to use SCA-ready payment gateway extensions.

Magenest provides you a variety of payment gateways that can be connected to your Magento 2 store. We're in the process of updating all our extensions for the new and more secure checkout process.

Here is the list of SCA-ready payment gateway extensions [continuously updated].

  • Stripe Payment Gateway: To comply with SCA, new payment methods including Stripe Checkout and Payment Intents API are added to the feature list. Stripe is the leading payment gateway in the world, available in 34 countries. If you are aiming at expanding your market internationally, Stripe Payment Gateway for Magento 2 is a great tool that you can't miss.
  • Stripe Payment and Subscription: Merchants are able to manage your subscription to keep track of the returning sales. Stripe Checkout and Payment Intents API are also included.
  • Subscription and Recurring Payments: Instead of making one-off purchases, customers now are able to subscribe to any product with flexible plans. The extension supports SCA-ready Stripe payments.
  • Opayo (Sage Pay) Integration: We are the official integration partner of Magento and Opayo (formerly Sage Pay). This payment gateway is for customers from the UK. Obviously, SCA is also required. With Opayo Direct Integration, your online transactions are accepted with SCA, for a smooth checkout experience.
  • Opayo (Sage Pay) and Subscription: With the subscription management included in this extension, merchants can set up various subscription plans for customers and gain gradual revenue with ease.
  • Barclaycard ePDQ Payment Gateway: The extension integrates your store with Barclays ePDQ payment gateway, one of the most popular payment solutions in the UK. Your payments will be processed through Direct Link that complies with SCA - Under PSD2.


It’s only 4 months left for merchants to get ready for the new rule - SCA in this September. The change in the online payment sectors is expected to combating with cybercrimes and reducing online credit card frauds, which creates a more dynamic and secure environment for eCommerce.