Strong Customer Authentication
The EU has put in place consumer protections with regard to online payments, going into effect on Sept. 14, 2019. Those protections have been termed Strong Customer Authentication, and aim to reduce fraud and protect customers from being charged without their consent.
What Has Changed
Starting Sept. 14, 2019, EU banks (with the exception of the UK, which has been given an extension of 2 years) will apply stricter rules with regard to approving online and off-session payments (such as recurring / scheduled payments using card-on-file).
If a payment meets certain criteria decided by the bank, the bank could ask for additional authentication before approving the transaction. Authentication could include providing a PIN number, or a security code sent via a text message.
You can read a more in-depth explanation here: https://stripe.com/guides/strong-customer-authentication
To comply with EU regulations and to reduce the chances of your payments being declined, Gymdesk has implemented several suggested improvements and payment flows to address the requirements set by the EU parliament.
What It Means For You As An EU Merchant
There's nothing you need to do at this time. We've done all the work required to make sure your payments have everything required by EU regulators to have the best chance of being approved by the bank.
If the customer's bank decides to request additional authentication, we have implemented several payment flows to address it:
- When adding a new payment card for a member, you may need to authenticate the card via a popup.
  Clicking "Confirm Payment" might require the member to provide a PIN number or receive a security code via a text, so if you don't have the member in front of you, you could ask them to input the card details themselves using their member account online.
- When creating a payment in the member profile screen, the bank might request additional authentication. You can authenticate it at that time or later. The payment status will appear as "Failed" with an error description of "Additional authentication required" until it is authenticated.
  Again, the member can authenticate the payment themselves using their member account online. If you have payment failure emails enabled, the member will have already received an email requesting them to resolve the payment online.
- When recurring / scheduled payments are processed, a payment might fail with the bank requiring additional authentication. Similar to the payment creation flow above, the payment will then appear with the status "Failed" and the error description will show it requires additional authentication.
  It can then be authenticated from the invoice screen, or by the member through the member portal online.
It's important to note that most payments should not be affected by this change. Existing recurring payments should be grandfathered into the new requirements, and for the most part, new members would only need to authenticate once when adding the payment card.
If you have any questions or concerns, please send us a message and we would be happy to help you out.