Updated (October 17, 2019): The EBA has published its opinion on the deadline and process for completing the migration to SCA. The new enforcement deadline is December 31, 2020. See below for details on this official transition period.
Updated (September 14, 2019): SCA requirements have gone into effect in Europe. Braintree is actively monitoring bank activity.
Updated (September 10, 2019): Croatia, Cyprus, Czech Republic, Estonia, Finland, Hungary, Lithuania, Luxembourg, Portugal, Slovakia, Slovenia, Spain, and Sweden have been added to the list of countries that confirmed their views in favor of a transition period.
Updated (August 30, 2019): Belgium, Greece, Ireland, Malta, and Norway have been added to the list of countries that officially confirmed their views in favor of a transition period.
Understanding if, when, and how Strong Customer Authentication (SCA) applies to your business can be confusing -- especially with all the rumors circulating and changes being announced by the European Banking Authority (EBA) and national regulators.
As the commerce platform for large and fast-growing enterprises that are building the most innovative commerce experiences globally, Braintree is committed to keeping you informed about the latest news and information regarding SCA requirements.
In which cases will SCA apply?
The way SCA will need to be applied will vary by transaction. It will depend on both the location of your acquiring bank and the location of the bank that issued your customer’s credit card -- not necessarily where your business is domiciled. Please refer to this list to see which countries are affected by SCA requirements.
What are the most recent announcements regarding SCA enforcement timelines?
The EBA, working in partnership with payment service providers, acquirers, issuers, merchants, and the payment networks, published its opinion on the deadline and process for completing the migration to SCA. The new date that the requirements will begin to be enforced is December 31, 2020. It’s important to note that individual issuers may begin to enforce SCA requirements at any time within this official transition period, leaving unprepared merchants at risk of increased declines.
What do I need to do?
As ever, Braintree strongly recommends you integrate and test our 3D Secure 2 (3DS2) solution as soon as possible to help reduce the risk of SCA-related declines if and when issuers begin to enforce the requirements.
What else do I need to know?
Braintree’s flexible 3DS2 solution has been built to support both 3D Secure 1 and 2 authentication protocols. That means if issuers aren’t ready for 3DS2, Braintree will automatically divert your transactions to 3DS1 to help ensure your transactions are SCA compliant.
Where can I learn more?
For instructions on how to integrate, refer to our 3D Secure developer docs.
If you have already integrated 3DS, make sure you have the latest SDK with the most up-to-date features. For details, refer to our 3DS2 migration guide.
To see how SCA will apply to different transaction types, including recurring transactions, read How SCA Applies to Common Payment Scenarios.
If you are still unclear about the details of SCA, or would like an overview on the mandate and its requirements, read PSD2: Strong Customer Authentication Explained.
For more information on the background and benefits of the 3DS2 protocol, as well as how Braintree’s solution works, read 3D Secure 2: Next-generation Authentication.
As always, we’re here to help. If you have questions or need help with your integration, contact us.