What is Strong Customer Authentication?
Strong Customer Authentication (SCA) is a European regulatory requirement intended to reduce fraud and make online payments more secure. To accept payments and meet SCA requirements, we have built authentication into the flows where credit card information is collected. Both our Stripe and Square integrations fully support SCA payments.
You are within the scope of Strong Customer Authentication if you conduct business in the European Economic Area (EEA) and accept payments from EU residents.
Before SCA, clients were simply required to enter their card number, expiry date, CVV, and postal code to make a payment. With SCA, clients will also be required to complete an authentication step when initiating a payment or saving a card to file. This is typically satisfied by providing a password, passphrase, or PIN sent to their mobile phone.
For example, a client may see the following prompt on the confirmation step of a booking or when paying a one-off invoice sent from Practice Better:
Cards that support this additional authentication requirement are said to be 3D Secure. You can identify 3D Secure cards in your clients' Billing Information section by looking for the following tag:
Off-session Payments
A payment is said to be "off-session" or merchant-initiated if your client is not present when the charge is made. Practice Better supports two types of off-session payments:
- Scheduled installment plan payments
- Manually processing an invoice using a card on file
When a client adds their card to file (e.g. when purchasing a package with a payment plan), we'll attempt 3D Secure authentication before storing their card to your Stripe/Square account. This authentication step should ensure the card can be processed at a future date without requiring additional verification.
Ultimately, it is still up to your client's bank or card provider to decide whether authentication for an off-session payment is required.
Processing Invoices for Clients
By default, if you are processing an invoice with a 3D Secure card, we will attempt to charge your client's card without triggering authentication, so that your client does not receive a verification alert on their mobile phone for a charge they are not expecting.
Instead, we will show you the following error if additional authentication is required:
If your client is available to receive and provide you with the verification code, you can enable the following checkbox at the bottom of the invoice payment page before re-submitting the payment:
Your client can provide you with the verification code they received in order to complete the payment.
Additional Resources
https://ec.europa.eu/commission/presscorner/detail/en/qanda_19_5555
https://stripe.com/en-ca/guides/strong-customer-authentication
https://developer.squareup.com/blog/what-you-need-to-know-about-strong-customer-authentication-sca