SCA and MOTO

Strong Customer Authentication and Mobile Orders/Telephone Orders

Strong Customer Authentication (SCA), as part of PSD2 regulation in Europe, requires changes to how European customers authenticate online Stripe payments. Card payments require a different user experience, namely 3D Secure, in order to meet SCA requirements. We've updated Payments to prevent Transactions from being declined by banks. Read more here.

Who is Affected?

The new requirements for SCA affect our customers in Europe who use Stripe as that is where the PSD2 regulation is being implemented. Read more here.

Scope

Recommended

Blackthorn Payments supports the following features.

• Capturing a Transaction through PayLink with SCA regulated Payment Methods.
• Capturing a Transaction through Donations with SCA regulated Payment Methods.

Not Recommended

• Capturing SCA regulated Payment Methods and Transactions through the Virtual Terminal.
• Capturing SCA regulated Payment Methods through the Transaction object.

These options require additional configuration and must be flagged as MOTO (mail orders & telephone orders) when sent to Stripe from the Virtual Terminal since the card is not present for authentication. MOTO puts a Transaction out of the scope of SCA.

When SCA is applied, the business will benefit from a “liability shift” in their Transactions. This means that should fraud occur, the bank (as opposed to the company) will be liable to cover the costs as the bank authorized the Transaction.

Putting SCA exemptions in place returns the “liability shift” to the company. Therefore, a company needs to weigh the pros and cons of the liability shift before adding an exemption.

This is why Stripe uses the MOTO parameter via API feature flagged, and it isn’t available by default. Blackthorn only applies MOTO to Virtual Terminal and auto-processed Transactions, as these types are out of scope for SCA.

Please watch the below videos for instructions on how to enable SCA and MOTO.

SCA

MOTO

How Do I Enable SCA In My Org?

Use the Blackthorn Pay - Trigger Settings's Enable SCA custom setting to enable your org for SCA.

1. Click the Gear icon.
2. Click Setup.
3. In the Quick Find box, enter and clic "Custom Settings".
4. Click Manage next to Blackthorn Pay - Trigger Settings.
5. Click Edit.
6. Set Enable SCA = "True" (checked).
7. Click Save

SCA is now enabled.

Payment Gateway Configuration for MOTO

Before using MOTO to create and capture payments from the Virtual Terminal, you must add the Stripe MOTO Enabled field to the Payment Gateway page layout.

When Stripe MOTO Enabled = "True" (checked), the MOTO flag will be set on Stripe charge requests. In other words, your Transactions will succeed when using a Payment Method that doesn't require additional authentication.

Payment Method Configuration for MOTO

If you need to create new Payment Methods from the Payment Method object and capture Transactions from the Transaction object, you must add the Enable MOTO field to the Payment Method's Charge Card page layout.

When Enable MOTO = "True" (checked), the MOTO flag will be set on Stripe charge requests so that Transactions can be captured without going through two-factor authentication.

Contact Stripe to Configure Your Stripe Account

To charge a newly created SCA regulated credit card number in the Virtual Terminal and Transaction object, you must contact Stripe support to have your Stripe account configured for MOTO.

1. Reach out to Stripe Support to get your Stripe Account “Gated” for MOTO.Navigation: Stripe Support Site from Help Menu > Click Contact Support > This will initiate a chat with support.
2. Stripe will ask you why you need this. Tell them that you need to take over the phone payments through the API with the Blackthorn App.
3. Make sure Stripe Support gates MOTO for your account in Test and Live mode.

Testing SCA for PayLink and Donations

From now until December 22nd, 2020, the below directions will teach you how to test the new features and enhancements until they are automatically pushed.

To Do

You will need to replace the PayLink URL paylink.blackthorn.io domain to a test domain. Also you'll need to replace the Donations form URL donations.blackthorn.io domain to a test domain.

What Features are Affected by This?

• SCA for Paylink
• SCA for Donations

TEST DOMAIN for PayLink: https://paylink-dev-v2.herokuapp.com

TEST DOMAIN for Donations: https://bt-donations-dev.herokuapp.com/

For example, when you create a Transaction record, a PayLink URL is generated with the paylink.blackthorn.io domain like this one:

https://paylink.blackthorn.io/2E12oua7/attendee/ty2W6t9awokrDMaLWi8Mf4sLMedhdrWSBHw6HS7kqVnJ0kKmCK63yl0IxWpbAUBo

You'll then click on the PayLink URL so it opens up in a new page. Remove paylink.blackthorn.io and replace it with https://paylink-dev-v2.herokuapp.com so it looks like this:

https://paylink-dev-v2.herokuapp.com/2E12oua7/attendee/ty2W6t9awokrDMaLWi8Mf4sLMedhdrWSBHw6HS7kqVnJ0kKmCK63yl0IxWpbAUBo

Test Cards

Use the following test card to prompt for additional authentication -> 4000002500003155

Other regulatory (3D Secure) test cards can be found here.

If you have any questions about this or need help with testing, please don't hesitate to reach out to Blackthorn Support.

What Errors Will I See if My Stripe Account Has Not Been Setup for MOTO Payments?

If your Stripe account has not been gated for MOTO by the Stripe support team you will notice that your Transactions will fail when you try to capture a charge from the Transaction object or the Virtual Terminal for new SCA regulated Payment Methods.

What Does This Look Like?

• When capturing a charge from the Transaction object and MOTO is not gated on the Stripe Account:
  

• When a capturing a charge from the Virtual Terminal and MOTO is not gated on the Stripe account:
  

Failure message from Virtual Terminal

Error message on the Transaction record that was created from the Virtual Terminal

What Does the Additional Authentication Step Look Like?

When using features like PayLink, the flow of the UI has an additional step. This step supports the additional authentication process.

In live mode, customers will navigate to the PayLink as they've done in the past. After clicking PAY customers will be asked to verify their identity with a push notification, a text message, or another method chosen by their bank. Read more here.

What About Existing Payment Methods?

Existing Payment Methods that are saved in your orgs should continue to work with the new SCA regulations. Also, Payment Methods that do not require the additional authentication step will continue working as expected.

How Will SCA affect Stripe Billing?

If you need to enable SCA in your Salesforce org, existing Payment Methods used with your Stripe Billing records will continue working as expected.

If you set up a new Subscription through Salesforce and it requires a new Payment Method, you must authorize the Payment Method before the Stripe Subscription will appear as "Active" in the Stripe dashboard.

How Do I Make Sure My Card Is Authorized?

• Use an existing, valid Payment Method.
• Create a Payment Method in the Virtual Terminal.
• Create a Payment Method through the New Payment Method button on a Contact/Account record.

How Can I Use the Stripe Dashboard to Authorize a Payment Method

If you create a new Subscription in Salesforce that requires a new Payment Method and push it Stripe, you will see that the Subscription shows as incomplete. This is because the Payment Method still needs to be authorized.

Complete the authorization step in Stripe.

1. Navigate to the Subscription in Stripe.
2. Click on the "Open" Invoice associated with the Subscription record.
3. In the Details section of the Invoice in Stripe, click the link next to "Payment Page."
4. Complete the authorization process and capture the payment.

Frequently Asked Questions

Will existing, valid credit card Payment Methods still work after SCA is enabled?

• Yes! Valid credit card Payment Methods will continue to work as expected after you enable SCA.

Will existing, valid ACH Payment Methods still work after SCA is enabled?

• Yes! New and existing ACH Payment Methods will continue to work as expected after you enable SCA.

If SCA is enabled and I use Plaid with Stripe, will I encounter any issues?

• No, with SCA Enabled you can still continue to use Plaid without issue or interruption.

If SCA is enabled and I use Authorize.net or Spreedly, will I encounter any issues? What if I am in Europe?

If I enable SCA and use Events and PayLink, will there be any issues with Event registration?

• No, Events registration will continue to work without issue after SCA is enabled for cards NOT requiring authentication. SCA-ready support for Events checkout is on our product roadmap.

If I enable SCA and use DocumentLink and PayLink, there will there be any issues with DocumentLink?

• No, DocumentLink will continue to work without issue after SCA is enabled for cards NOT requiring authentication. SCA-ready support for DocumentLink is on our product roadmap.

With SCA enabled, can I can use PayLink and Donations checkout and the Payment Method can be used for future recurring payments (without having to re-verify)?

• Yes! Once the Card has been authenticated through the PayLink or Donations checkout, that Payment Method can be used for future or recurring payments without additional authentication.

With SCA enabled, can I create ACH Payment Methods through PayLink or Donations and reuse them in the future?

• Yes! ACH Payment Methods are not affected by SCA regulations.

With the Virtual Terminal, can I capture payments the same way before SCA was enabled?

• Yes, but with some additional setup. Please see the additional setup needed here.