
How SCA Applies to Common Payment Scenarios


On September 14, 2019, Strong Customer Authentication (SCA) requirements -- part of the revised Payment Services Directive (PSD2) regulations -- will take effect in the European Economic Area (EEA). SCA mandates that two-factor authentication be performed on many card transactions. Those merchants who don’t apply two-factor authentication to their transactions risk an increase in declines from customers’ banks.

3D Secure 2 (3DS2) is an industry-standard solution for meeting SCA requirements (and the solution Braintree is recommending that merchants adopt in order to be SCA-ready). The latest 3DS authentication protocol update will allow merchants to meet these new requirements as well as help transfer liability for fraud disputes to issuers and reduce costs associated with chargebacks.

While the solution itself is simple, the ways that merchants will need to apply SCA using 3DS2 will vary based on business models or how they transact with customers. So let’s take a closer look at how SCA can be added into payment flows for some common payment scenarios.

One-time transaction

Business type:

Ecommerce (direct-to-consumer online retailers)

Payment scenario:

A standard one-time payment for a product or service.

In this scenario, the merchant authorizes for the total amount of the purchase and settles for the same amount. If the transaction qualifies under SCA requirements, merchants can use 3DS2 to verify the cardholder during the checkout process. Merchants can apply for exemptions if they choose to do so, but need to be aware that they will be responsible for chargebacks categorized as fraud.

Payment flow:

[Flow chart: authentication $100; authorization $100; capture/settlement $100]

Recurring payments

Business type:

Subscription (ex. gym membership); metered billing (ex. utility bill)

Payment scenario:

A recurring payment, either for the same amount and same frequency or for variable amounts and/or variable frequency.

In this scenario, the merchant can request a cardholder challenge to establish SCA when the card is first authorized for the subscription. This can occur with a verification or with the first transaction; however, we would generally recommend that SCA be applied to the first transaction whenever possible. As long as the customer has been challenged for the first authorization, subsequent recurring transactions will qualify as merchant-initiated transactions, which are out of scope for SCA.

Payment flow:

[Flow chart: authentication $20; authorization $20, $20, $25; capture/settlement $20, $20, $25]

Single order, multiple shipments

Business type:

Ecommerce (direct-to-consumer online retailers)

Payment scenario:

An order in which products ship separately at different times due to availability or fulfilment, and payments are captured at the time of shipment.

In this scenario, the merchant can authenticate and authorize the cardholder for the full amount, but would later need to perform merchant-initiated transactions (MITs) to capture each portion of the total when products are shipped and delivered.

Payment flow:

[Flow chart: authentication $650; authorization $200, $150, $300; capture/settlement $200, $150, $300]

Tips

Business type:

Food delivery, ride sharing

Payment scenario:

A transaction in which tips or other additional charges are added by the customer after the initial amount.

In this scenario, the merchant authenticates, authorizes, and captures the original transaction amount. If the final amount after the tip is added is higher than the original amount, the merchant would need to perform a second authentication for the difference. (Merchants could also authenticate for more than the original amount the first time so that what is eventually captured after tips are added is still less than that authenticated amount, but doing so may lead to customer confusion.)

Payment flow:

[Flow chart: authentication $800, $160; authorization $800, $160; capture/settlement $800, $160]

Incidentals

Business type:

Ride sharing, hotels

Payment scenario:

A transaction in which additional charges are added by the merchant after the initial amount.

In this scenario, the merchant authenticates, authorizes, and captures the original transaction amount. If the final amount after any incidentals are added is higher than the original amount, the merchant would need to perform an MIT to capture the difference. (Merchants could also authenticate for more than the original amount the first time so that what is eventually captured after incidentals are added is still less than that authenticated amount, but doing so may lead to customer confusion.)

Payment flow:

[Flow chart: authentication $800; authorization $800, $160; capture/settlement $800, $160]
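
The recurring, multiple-shipment, tips and incidentals scenarios above differ mainly in who initiates each follow-up charge and whether it still fits within the amount the cardholder authenticated. The Python below is an added illustration, not Braintree code: `plan`, `Initiator` and `Action` are hypothetical names, and exemptions and card-network-specific rules are not modeled.

```python
from decimal import Decimal
from enum import Enum


class Initiator(Enum):
    CUSTOMER = "customer"  # cardholder adds the charge, e.g. checkout or a tip
    MERCHANT = "merchant"  # merchant adds it: renewal, shipment, incidental


class Action(Enum):
    AUTHENTICATE = "run SCA (3DS2) for this amount"
    COVERED = "within the amount already authenticated"
    MIT = "merchant-initiated transaction, out of SCA scope"


def plan(authenticated, charges):
    """Map a sequence of (amount, Initiator) charges to SCA actions.

    `authenticated` is the amount the cardholder approved in the initial
    3DS2 challenge (0 if no challenge has happened yet). Simplified model
    of the scenarios described in this article (assumption).
    """
    steps, used = [], Decimal("0")
    for amount, who in charges:
        if authenticated == 0:
            # Never challenged: later charges cannot qualify as MITs,
            # so this charge must itself be authenticated.
            steps.append((Action.AUTHENTICATE, amount))
            authenticated, used = amount, amount
        elif who is Initiator.MERCHANT:
            # Renewals, per-shipment captures and incidentals follow an
            # authenticated first transaction and go through as MITs.
            steps.append((Action.MIT, amount))
        else:
            # Customer-initiated add-on (tip): authenticate only the part
            # that exceeds what was already authenticated.
            shortfall = max(used + amount - authenticated, Decimal("0"))
            if shortfall > 0:
                steps.append((Action.AUTHENTICATE, shortfall))
            else:
                steps.append((Action.COVERED, amount))
            authenticated += shortfall
            used += amount
    return steps
```
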

Single order, multiple sellers/payees

Business type:

Marketplaces (ex. online travel agencies with flight, hotel, and rental-car vendors)

Payment scenario:

An order in which multiple sellers are paid from a single consumer checkout experience.

For this scenario, each card network has set up its own guidelines for processing in accordance with the PSD2 requirement to “[ensure] that the elements dynamically link the transaction to an amount and a payee specified by the payer when initiating the transaction.” So while there will be variability from card network to card network, each solution can be implemented without any inherent risk of declines.

Payment flow:

[Flow chart: authentication $800; authorization $600, $200; capture/settlement $600, $200]

3DS2: Braintree’s SCA solution

Regardless of business model or payment scenario, merchants who do not perform SCA on transactions that require it are likely to see an increase in declines after the September 14, 2019 enforcement date. 3DS2 via Braintree provides a simple way to authenticate cardholders with a no- to low-friction checkout experience for cardholders, and allows merchants to shift liability to the issuers on authenticated transactions to help reduce costs associated with chargebacks categorized as fraud. Our FAQs blog post can help if you still have questions about preparing for SCA, and if you're ready to integrate Braintree's 3DS2 solution, get started with our adoption guide.

Additional reading:

  • Learn more about PSD2: Strong Customer Authentication here.
  • Learn more about the latest update of the 3D Secure protocol here.
  • Learn more about Braintree’s 3DS2 solution here.
  • Get started with integration documentation here.