How Strong Customer Authentication (SCA) Affects Nonprofits

Strong Customer Authentication, better known as SCA, regulations took effect on 14 September 2019. Not to worry, Donorbox has you covered. We are fully compliant with these requirements. No action is needed from your side! While SCA may sound super complicated, we assure you that it isn’t. We’ve got all the info you need to…

3 minutes read
How Strong Customer Authentication (SCA) Affects Nonprofits

Strong Customer Authentication, better known as SCA, regulations took effect on 14 September 2019. Not to worry, Donorbox has you covered. We are fully compliant with these requirements. No action is needed from your side!

While SCA may sound super complicated, we assure you that it isn’t. We’ve got all the info you need to know right here.


What is SCA?

Strong Customer Authentication (SCA) is a new European regulatory requirement. It is an element of the second Payment Services Directive (PSD2). SCA was created to reduce fraud and make transactions more secure. It brings an extra layer of authentication into online payments and helps ensure that they will not be declined.

SCA applies to online donations and transactions made with European (EEA) issued credit or debit cards.

Before SCA, donors would enter their card number and a CVC verification code. With these new SCA requirements, additional information is now required during checkout.

More data elements are being used to verify the donor’s identity. Strong Customer Authentication for nonprofits requires authentication to include two of the following data elements:

  1. Knowledge: something your donor knows. (e.g. password, PIN)
  2. Possession: something your donor has. (e.g. phone, token)
  3. Inherence: something your donor is. (e.g. fingerprint, facial recognition) 

This is commonly known as two-factor authentication.

SCA went into effect on 14 September 2019.


Who does SCA impact?

SCA standards apply to organizations and donors based in Europe, more specifically in the European Economic Area (EEA).

SCA only applies to online payments from European donors with an EEA-issued card. This means that even if your nonprofit is based in Europe, SCA does not apply to donations made from a non-EEA card or bank.

If your organization is not based in Europe but has EEA-based donors, you likely will not be impacted by SCA. Only a small number of these donors’ European banks may require SCA for their online donations. The majority of non-European nonprofits with European donors will not encounter this situation.


Are any types of donations exempt from SCA?

Yes—certain recurring, low-value, and low-risk donations may be exempt from SCA.

In these cases, our payment processor partners will request the exemption when processing the donation. The donor’s bank then accesses the transaction’s risk level and decides to either approve the exemption or require authentication.

Note: It’s important to remember that, while exemptions are useful, it’s ultimately the donor’s bank that decides whether or not to accept an exemption.

Recurring donations

Like one-time donations, SCA is required for the first donation in a donor’s recurring plan. But subsequent donations of the same amount are exempted from SCA.

For the most part, subsequent recurring donations are often a fixed amount and will be exempted. In certain cases, however, we may need to bring the donor back for reauthentication.

Low-value donations

Donations below €30 are considered “low value” and may be exempted. However, in certain cases, SCA still applies and authentication is required. Check out this detailed guide by Stripe to learn more.

Low-risk donations

When the donor’s bank has low fraud rates for card payments, Stripe and PayPal are able to conduct real-time risk analysis to determine whether to apply SCA or request an exemption.


How is Donorbox SCA compliant?

Donorbox partners with Stripe and PayPal to comply with SCA requirements. On Stripe’s side, we use Stripe’s Payment Intent and Setup Intent APIs which use the Stripe SCA logic to apply the right exemption and trigger 3D Secure when necessary. While on PayPal’s side, PayPal itself handles the authentication request and processing for you

Designed with your supporters and optimized fundraising in mind, our Donorbox donation forms are SCA-ready.


Do I need to take any action?

If you’re an organization:

The SCA regulatory requirements are automatically applied to your donation forms. That means you don’t need to take any further actions regarding receiving donations.

You’re good to go—happy fundraising!

If you’re a donor:

Just be ready to use multi-step authentication when you donate online to your favorite nonprofit organization.

Otherwise, it’s business as usual. 🙂


What resources are available on SCA for nonprofits?


Let us know if you have any questions—we’re here to help. Contact us here

Avatar photo

Raviraj heads the sales and marketing team at Donorbox. His growth-hacking abilities have helped Donorbox boost fundraising efforts for thousands of nonprofit organizations.

  • facebook
  • twitter
  • instagram
  • linkedin
  • tumblr

Join the fundraising movement!

Subscribe to our e-newsletter to receive the latest blogs, news, and more in your inbox.

Take your donor experience to the next level!
Join the 50,000+ nonprofits already raising funds online.
Join Our Newsletter
Get a monthly curated round-up of our best posts and feature updates. (You can unsubscribe anytime.)
Join Our Newsletter
Get a monthly curated round-up of our best posts and feature updates. (You can unsubscribe anytime.)
Join a 30min Demo to see how Donorbox can help you reach your fundraising goals!
Join a 30min Live Demo to see how Donorbox can help you reach your fundraising goals!