PSD2: Strong customer authentication for Stripe payments

With only a few weeks left before the online payment landscape in Europe undergoes significant changes, merchants and providers of financial services across the continent are bracing for more red tape.

That’s because the European Union’s revised Payment Services Directive, commonly known as PSD2, is set to come into full force on September 14, 2019. 

Although the new requirement will mainly impact businesses, payment service providers, and banks, we’re updating our integrations with payment gateways to ensure that online transactions through JotForm comply with PSD2’s strong customer authentication requirements.  

As a first step in this process, we’re happy to announce that Stripe payment forms are now PSD2 compliant.

JotForm users who want to collect payments from European customers through Stripe don’t have to take any extra steps. All you need to do is integrate Stripe with a form and wait for payments to arrive. 

If you’ve already integrated Stripe into your payment form, you can keep collecting money without worrying about the impending deadline for PSD2 compliance. 

Much of the work will take place behind the scenes once form respondents submit their payment information through JotForm. After that happens, Stripe will use 3D Secure 2.0 to quickly verify whether a transaction made by a European cardholder is suspicious or legitimate. 

This verification process between your bank, JotForm, Stripe, and a customer’s bank involves examining information provided during the checkout process, such as a shipping address, as well as more specific data, including previous transactions made on a person’s known devices. 

If no questions or red flags arise, the payment is authenticated almost instantaneously, and the checkout process is complete. Questionable transactions will require European customers to provide more information in a popup window before a transaction can be authenticated.  

This layer of security through Stripe creates a frictionless payment process for customers and ensures your business is prepared for PSD2. Above all, 3D Secure 2.0 carries out the spirit and letter of the regulation by protecting businesses and consumers alike from internet fraud.

If a cardholder’s bank doesn’t support 3D Secure 2.0, Stripe will use 3D Secure 1.0 to authenticate a transaction. In these cases, a customer will have to provide their bank with additional security information, such as a one-time code, password, or fingerprint scan on a mobile device, so they can successfully complete their transaction. 

How PSD2 compliance works in JotForm

Until now, payment service providers like Stripe weren’t required to have customers authenticate online transactions.

But since the early 2000s, major credit card companies have been using 3D Secure 1.0 — or variants of it — to ask cardholders to type in a password or one-time verification code after they make a purchase. 

PSD2 regulations, however, will require payment processors like Stripe to verify online transactions made by European cardholders. This authentication process will be done on behalf of businesses that use a payment processor’s services. 

We, in turn, are updating our Stripe integration, which captures a cardholder’s information from an online form and shares it with a payment processor for authentication.  

Since 3D Secure 2.0 doesn’t kick into gear until someone fills out a form with their payment information and submits it, we’ll pull back the curtain to show you what happens once a customer makes a payment. 

1. After a customer fills out a form, their payment information is shared with Stripe so the authentication process can begin. 

2. The cardholder’s bank then assesses the level of risk tied to the transaction. Charges that have little risk or are eligible for authentication exemptions will be verified quickly, which completes the payment process for these customers. If a charge is potentially suspicious, a popup window (which looks similar to the test payment popup below) will appear and ask the cardholder to enter additional details. Cardholders will encounter three authentication methods, chosen by their bank: a password or PIN; a phone or hardware token; and fingerprint or facial recognition.

3. If cardholders make a mistake during the authentication process, their payment will not be approved. An authentication popup window will ask them to use a different payment method. 

4. If cardholders successfully complete the authentication process but don’t have enough money in their account, they will be redirected to a prompt that asks them to address the issue and resubmit the payment form to complete their purchase. 

5. If cardholders successfully complete the authentication process but their card is declined for some reason other than insufficient funds, they will be redirected to a prompt that asks them to address the issue and resubmit the payment form to complete their purchase.

6. If everything appears to be in order, the transaction should be approved, and the payment process will be complete. 

7. After a payment has been authenticated and the form has been submitted, you can view a copy of the transaction in your JotForm account or in an email that’s sent to the email address associated with your account. 

Conclusion

The day of reckoning is approaching, and there could be costly consequences if online businesses don’t take action soon. 

Merchants, payment service providers, and banks in the United Kingdom will have until March 2021 to comply with PSD2’s strong customer authentication requirements. This deadline extension by the Financial Conduct Authority, a key finance industry regulator in the U.K., could foreshadow similar decisions over the next few weeks in the European Union. 

But if PSD2’s deadline for strong customer authentication isn’t extended past September 14, many European banks will decline payments collected through third-party payment processors that don’t have the mandated safeguards to verify a buyer’s identity.  

Although it’s uncertain when PSD2’s strong customer authentication requirements will be enforced across the continent, it’s clear that merchants, payment service providers, and financial institutions must be prepared when the day does come.  

New changes to JotForm’s integration with Stripe — as well as other payment processors within the coming weeks — will ensure that your payment forms comply with PSD2. In particular, the addition of 3D Secure 2.0 will not only provide your European customers with a frictionless payment process but also protect your business from fraud.  

The new regulations for financial institutions, merchants, and third-party payment services may seem daunting, but they don’t have to be. Our comprehensive guide on how to be PSD2 compliant will answer many of your questions and demystify the process. 

Give our Stripe payment forms a try today and see how we’re helping our more than 5 million users stay on top of their game. 

Darin is a content writer at JotForm. He is passionate about disrupting perceptions, solving problems, and helping people be more productive with the easiest online form builder. Outside of the office, he is a rush-hour straphanger, adventure seeker, coffee drinker, and frequent traveler. You can contact Darin through his contact form.
