- 19 Aug 2024
- 7 Minutes to read
- Print
- DarkLight
SCA and MOTO
- Updated on 19 Aug 2024
- 7 Minutes to read
- Print
- DarkLight
Strong Customer Authentication and Mobile Orders/Telephone Orders
Strong Customer Authentication (SCA), as part of PSD2 regulation in Europe, requires changes to how European customers authenticate online Stripe payments. Card payments require a different process, namely 3D Secure, in order to meet SCA requirements. We've updated Payments to prevent Transactions from being declined by banks. Read more here.
Who is Affected?
The new requirements for SCA affect our customers in Europe who use Stripe as that is where the PSD2 regulation is being implemented. Read more here.
Scope
Recommended
Blackthorn Payments supports the following features.
- Capturing a Transaction through PayLink with SCA regulated Payment Methods.
- Capturing a Transaction through Donations with SCA regulated Payment Methods.
Not Recommended
- Capturing SCA regulated Payment Methods and Transactions through the Virtual Terminal.
- Capturing SCA regulated Payment Methods through the Transaction object.
These options require additional configuration and must be flagged as MOTO (mail orders & telephone orders) when sent to Stripe from the Virtual Terminal since the card is not present for authentication. MOTO puts a Transaction out of the scope of SCA.
When SCA is applied, the business will benefit from a “liability shift” in their Transactions. This means that should fraud occur, the bank (as opposed to the company) will be liable to cover the costs as the bank authorized the Transaction.
Putting SCA exemptions in place returns the “liability shift” to the company. Therefore, a company needs to weigh the pros and cons of the liability shift before adding an exemption.
This is why Stripe uses the MOTO parameter via API feature flagged, and it isn’t available by default. Blackthorn only applies MOTO to Virtual Terminal and auto-processed Transactions, as these types are out of scope for SCA.
Please watch the below videos for instructions on how to enable SCA and MOTO.
SCA
To successfully use SCA with Events, you must use Stripe Checkout as SCA is only supported by Stripe. (SCA is not supported by Authorize.net or Spreedly.)
MOTO
How to Enable SCA
To enable SCA in your org, complete the following steps.
- Click the Gear icon.
- Click Setup.
- In the Quick Find box, enter and click "Custom Settings."
- Click Manage next to Blackthorn Pay - Trigger Settings.
- Click Edit.
- Set Enable SCA = "True" (checked).
- Click Save.
If you haven't done so already, set up Stripe Checkout. To support the SCA flow, Stripe Checkout must be used with Events. Click here to learn how to set up Stripe Checkout. (SCA support is only available through Stripe.)
Payment Gateway Configuration for MOTO
Before using MOTO to create and capture payments from the Virtual Terminal, you must add the Stripe MOTO Enabled field to the Payment Gateway record page layout.
When Stripe MOTO Enabled = "True" (checked), the MOTO flag will be set on Stripe charge requests. In other words, your Transactions will succeed when using a Payment Method that doesn't require additional authentication.
Payment Method Configuration for MOTO
If you need to create new Payment Methods from the Payment Method object and capture Transactions from the Transaction object, you must add the Enable MOTO field to the Payment Method's Charge Card page layout.
When Enable MOTO = "True" (checked), the MOTO flag will be set on Stripe charge requests so that Transactions can be captured without going through two-factor authentication.
Contact Stripe to Configure Your Stripe Account
To charge a newly created SCA regulated credit card number in the Virtual Terminal and Transaction object, you must contact Stripe support to have your Stripe account configured for MOTO.
- Reach out to Stripe Support to get your Stripe Account “Gated” for MOTO.Navigation: Stripe Support Site from Help Menu > Click Contact Support > This will initiate a chat with support.
- Stripe will ask you why you need this. Tell them that you need to take over the phone payments through the API with the Blackthorn App.
- Make sure Stripe Support gates MOTO for your account in Test and Live mode.
Testing SCA for PayLink
The directions below will teach you how to test the new feature until they are automatically pushed.
To Do
You will need to replace the PayLink URL "paylink.blackthorn.io" domain to a test domain.
TEST DOMAIN for PayLink: https://paylink-dev-v2.herokuapp.com
For example, when you create a Transaction record, a PayLink URL is generated with the "paylink.blackthorn.io" domain like this one:
"https://paylink.blackthorn.io/2E12oua7/attendee/ty2W6t9awokrDMaLWi8Mf4sLMedhdrWSBHw6HS7kqVnJ0kKmCK63yl0IxWpbAUBo"
You'll then click on the PayLink URL so it opens up in a new page. Remove "paylink.blackthorn.io" and replace it with "https://paylink-dev-v2.herokuapp.com" so it looks like this:
https://paylink-dev-v2.herokuapp.com/2E12oua7/attendee/ty2W6t9awokrDMaLWi8Mf4sLMedhdrWSBHw6HS7kqVnJ0kKmCK63yl0IxWpbAUBo
Test Cards
Use the following test card to prompt for additional authentication -> 4000002500003155
Other regulatory (3D Secure) test cards can be found here.
If you have any questions about this or need help with testing, please don't hesitate to reach out to Blackthorn Support.
What Errors Will I See if My Stripe Account Has Not Been Setup for MOTO Payments?
If your Stripe account has not been gated for MOTO by the Stripe support team you will notice that your Transactions will fail when you try to capture a charge from the Transaction object or the Virtual Terminal for new SCA regulated Payment Methods.
What Does This Look Like?
When capturing a charge from the Transaction object and MOTO is not gated on the Stripe Account:
When a capturing a charge from the Virtual Terminal and MOTO is not gated on the Stripe account:
Failure message from Virtual Terminal
Error message on the Transaction record that was created from the Virtual Terminal
What Does the Additional Authentication Step Look Like?
When using features like PayLink, the flow of the UI has an additional step. This step supports the additional authentication process.
In live mode, customers will navigate to the PayLink as they've done in the past. After clicking PAY customers will be asked to verify their identity with a push notification, a text message, or another method chosen by their bank. Read more here.
What About Existing Payment Methods?
Existing Payment Methods that are saved in your orgs should continue to work with the new SCA regulations. Also, Payment Methods that do not require the additional authentication step will continue working as expected.
How Will SCA affect Stripe Billing?
If you need to enable SCA in your Salesforce org, existing Payment Methods used with your Stripe Billing records will continue working as expected.
If you set up a new Subscription through Salesforce and it requires a new Payment Method, you must authorize the Payment Method before the Stripe Subscription will appear as "Active" in the Stripe dashboard.
How Do I Make Sure My Card Is Authorized?
- Use an existing, valid Payment Method.
- Create a Payment Method in the Virtual Terminal.
- Create a Payment Method through the New Payment Method button on a Contact/Account record.
How Can I Use the Stripe Dashboard to Authorize a Payment Method
If you create a new Subscription in Salesforce that requires a new Payment Method and push it Stripe, you will see that the Subscription shows as incomplete. This is because the Payment Method still needs to be authorized.
Complete the authorization step in Stripe.
- Navigate to the Subscription in Stripe.
- Click on the "Open" Invoice associated with the Subscription record.
- In the Details section of the Invoice in Stripe, click the link next to "Payment Page."
- Complete the authorization process and capture the payment.
Frequently Asked Questions
Q: Will existing, valid credit card Payment Methods still work after SCA is enabled?
- Yes! Valid credit card Payment Methods will continue to work as expected after you enable SCA.
Q: Will existing, valid ACH Payment Methods still work after SCA is enabled?
- Yes! New and existing ACH Payment Methods will continue to work as expected after you enable SCA.
Q: If SCA is enabled and I use Plaid with Stripe, will I encounter any issues?
- No, with SCA Enabled you can still continue to use Plaid without issue or interruption.
Q: If I enable SCA and use Events and PayLink, will there be any issues with Event registration?
- To successfully use SCA with Events, you must use Stripe Checkout as SCA is only supported by Stripe. (SCA is not supported by Authorize.net or Spreedly.)
Q: If I enable SCA and use DocumentLink and PayLink, there will there be any issues with DocumentLink?
- No, DocumentLink will continue to work without issue after SCA is enabled for cards NOT requiring authentication. SCA-ready support for DocumentLink is on our product roadmap.
Q: With SCA enabled, can I can use PayLink and Donations checkout and the Payment Method can be used for future recurring payments (without having to re-verify)?
- Yes! Once the Card has been authenticated through the PayLink or Donations checkout, that Payment Method can be used for future or recurring payments without additional authentication.
Q: With SCA enabled, can I create ACH Payment Methods through PayLink or Donations and reuse them in the future?
- Yes! ACH Payment Methods are not affected by SCA regulations.
Q: With the Virtual Terminal, can I capture payments the same way before SCA was enabled?
- Yes, but with some additional setup. Please see the additional setup needed here.