Strong Customer Authentication (SCA) regulations take effect on 14 September 2019. Not to worry, Donorbox has you covered. Our team is finalizing the upgrade to comply with these requirements. No action needed from your side!
While SCA may sound super complicated, we assure you that it isn’t. We’ve got all the info you need to know right here.
What is SCA?
Strong Customer Authentication (SCA) is a new European regulatory requirement. It is an element of the second Payment Services Directive (PSD2). SCA was created to reduce fraud and make transactions more secure. It brings an extra layer of authentication into online payments and helps ensure that they will not be declined.
SCA applies to online donations and transactions made with European (EEA) issued credit or debit cards.
Before SCA, donors would enter their card number and a CVC verification code. With these new SCA requirements, additional information is now required during checkout.
More data elements are being used to verify the donor’s identity. Strong Customer Authentication for nonprofits requires authentication to include two of the following data elements:
- Knowledge: something your donor knows. (e.g. password, PIN)
- Possession: something your donor has. (e.g. phone, token)
- Inherence: something your donor is. (e.g. fingerprint, facial recognition)
This is commonly known as two-factor authentication.
SCA goes into effect on 14 September 2019.
Who does SCA impact?
SCA standards apply to organizations and donors based in Europe, more specifically in the European Economic Area (EEA).
SCA only applies to online payments from European donors with an EEA-issued card. This means that even if your nonprofit is based in Europe, SCA does not apply to donations made from a non-EEA card or bank.
If your organization is not based in Europe but has EEA-based donors, you likely will not be impacted by SCA. Only a small number of these donors’ European banks may require SCA for their online donations. The majority of non-European nonprofits with European donors will not encounter this situation.
Are any types of donations exempt from SCA?
Yes—certain recurring, low-value, and low-risk donations may be exempt from SCA.
In these cases, our payment processor partners will request the exemption when processing the donation. The donor’s bank then assesses the transaction’s risk level and decides to either approve the exemption or require authentication.
Note: It’s important to remember that, while exemptions are useful, it’s ultimately the donor’s bank that decides whether or not to accept an exemption.
As with one-time donations, SCA is required for the first donation in a donor’s recurring plan. But subsequent donations of the same amount are exempted from SCA.
Subsequent recurring donations are usually a fixed amount and will be exempted. In certain cases, however, we may need to bring the donor back for reauthentication.
Donations below €30 are considered “low value” and may be exempted. However, in certain cases, SCA still applies and authentication is required. Check out this detailed guide by Stripe to learn more.
When the donor’s bank has low fraud rates for card payments, Stripe and PayPal are able to conduct real-time risk analysis to determine whether to apply SCA or request an exemption.
What is Donorbox doing about SCA?
Our team is finalizing our Stripe upgrade to comply with SCA requirements. We are committed to providing a secure, compliant solution. We’ll ensure that the online donation experience for your supporters is as smooth and effortless as possible.
Designed with your supporters and optimized fundraising in mind, our Donorbox donation forms will soon be SCA-ready. We aim to roll this out next week, in time for the deadline on 14 September 2019.
Do I need to take any action?
If you’re an organization:
As soon as our Donorbox SCA update is released, the regulatory requirements will automatically be applied to your donation forms. That means you don’t need to take any further actions regarding receiving donations.
You’re good to go—happy fundraising!
If you’re a donor:
Just be ready to use multi-step authentication when you donate online to your favorite nonprofit organization.
Otherwise, it’s business as usual. 🙂
What resources are available on SCA for nonprofits?
- Visit the European Banking Authority website for more information about SCA requirements.
- Check out this excellent guide to SCA from Stripe.
- Take a look at J.P. Morgan’s SCA post, written by their Executive Director for European Product Solutions.
- Visit Adyen’s detailed article on SCA, which explains various elements of SCA and how they affect you.
Let us know if you have any questions—we’re here to help. Contact us here.