PSD2: Strong customer authentication for Stripe payments

PSD2: Strong customer authentication for Stripe payments

With only a few weeks left before the online payment landscape in Europe undergoes significant changes, merchants and providers of financial services across the continent are gearing up for change.

That’s because the deadline for the European Union’s second Payment Services Directive, commonly known as PSD2, is set for December 31, 2020. 

Although the new requirement will mainly impact businesses, payment service providers, and banks, we’re updating our integrations with payment gateways to ensure that online transactions through Jotform comply with PSD2’s strong customer authentication requirements.  

And we’re happy to announce that Stripe payment forms are PSD2 compliant.

Jotform users who want to collect payments from European customers through Stripe don’t have to take any extra steps. All you need to do is integrate Stripe with a form and wait for payments to arrive. 

If you’ve already integrated Stripe into your payment form, you can keep collecting money without worrying about the deadline for PSD2 compliance. 

PSD2: Strong customer authentication for Stripe payments Image-1

Much of the work will take place behind the scenes once form respondents submit their payment information through JotForm. After that happens, Stripe will use 3D Secure 2.0 to quickly verify whether a transaction made by a European cardholder is suspicious or legitimate. 

This verification process between your bank, Jotform, Stripe, and a customer’s bank involves examining information, such as a shipping address, provided during the checkout process as well as more specific data, including previous transactions made on a person’s known devices. 

If no questions or red flags arise, the payment is authenticated almost instantaneously, and the checkout process is complete. Questionable transactions will require European customers to provide more information in a popup window before a transaction can be authenticated.  

This layer of security through Stripe creates a frictionless payment process for customers and ensures your business is PSD2 compliant. Above all, 3D Secure 2.0 carries out the spirit and letter of the regulation by protecting businesses and consumers alike from internet fraud.

If a cardholder’s bank doesn’t support 3D Secure 2.0, Stripe will use 3D Secure 1.0 to authenticate a transaction. In these cases, a customer will have to provide their bank with additional security information, such as a one-time code, password, or fingerprint scan on a mobile device, so they can successfully complete their transaction. 

How PSD2 compliance works in Jotform

Until recently, payment service providers like Stripe weren’t required to have customers authenticate online transactions.

Since the early 2000s, major credit card companies have been using 3D Secure 1.0 — or variants of it — to ask cardholders to type in a password or one-time verification code after they make a purchase. 

PSD2 regulations, however, require payment processors like Stripe to verify online transactions made by European cardholders. This authentication process will be done on behalf of businesses that use a payment processor’s services. 

We, in turn, have updated our Stripe integration, which captures a cardholder’s information from an online form and shares it with a payment processor for authentication.  

Since 3D Secure 2.0 doesn’t kick into gear until someone fills out a form with their payment information and submits it, we’ll pull back the curtain to show you what happens once a customer makes a payment. 

1. After a customer fills out a form, their payment information is shared with Stripe so the authentication process can begin. 

PSD2: Strong customer authentication for Stripe payments Image-2

2. The cardholder’s bank then assesses the level of risk tied to the transaction. Charges that have little risk or are eligible for authentication exemptions will be verified quickly — this completes the payment process for these customers. If a charge is potentially suspicious, a popup window (which looks similar to the test payment popup below) will appear and ask the cardholder to enter additional details. Cardholders will encounter three authentication methods that are chosen by their bank, including a password or PIN; a phone or hardware token; and fingerprint or facial recognition.

PSD2: Strong customer authentication for Stripe payments Image-3

3. If cardholders make a mistake during the authentication process, their payment will not be approved. An authentication popup window will ask them to use a different payment method. 

PSD2: Strong customer authentication for Stripe payments Image-4

4. If cardholders successfully complete the authentication process but don’t have enough money in their account, they will be redirected to a prompt that asks them to address the issue and resubmit the payment form to complete their purchase. 

PSD2: Strong customer authentication for Stripe payments Image-5

5. If cardholders successfully complete the authentication process but their card is declined for some reason other than insufficient funds, they will be redirected to a prompt that asks them to address the issue and resubmit the payment form to complete their purchase.

PSD2: Strong customer authentication for Stripe payments Image-6

6. If everything appears to be in order, the transaction should be approved, and the payment process will be complete. 

PSD2: Strong customer authentication for Stripe payments Image-7

7. After a payment has been authenticated and the form has been submitted, you can view a copy of the transaction in your Jotform account or in an email that’s sent to the email address associated with your account. 

PSD2: Strong customer authentication for Stripe payments Image-8


The day of reckoning is here, and there could be costly consequences if online businesses don’t take action soon. 

Merchants, payment service providers, and banks in the United Kingdom will have until March 2021 to comply with PSD2’s strong customer authentication requirements. This deadline extension by the Financial Conduct Authority, a key finance industry regulator in the U.K., could foreshadow similar decisions over the next few weeks in the European Union. 

Now that the PSD2 deadline is set, once January 1, 2021 hits, many European banks will begin to decline payments collected through third-party payment processors that don’t have the mandated safeguards to verify a buyer’s identity.  

It’s clear that merchants, payment service providers, and financial institutions need to be prepared.

Changes to Jotform’s integration with Stripe — as well as other payment processors within the coming weeks — will ensure that your payment forms comply with PSD2. In particular, the addition of 3D Secure 2.0 will not only provide your European customers with a frictionless payment process but also protect your business from fraud.  

The recent regulations for financial institutions, merchants, and third-party payment services may seem daunting, but they don’t have to be. Our comprehensive guide on how to be PSD2 compliant will answer many of your questions and demystify the process. 

Give our Stripe payment forms a try today and see how we’re helping our more than 5 million users stay on top of their game. 

Darin is a content marketer who's passionate about disrupting perceptions, solving problems, and helping people be more productive. Outside of the office, he is a rush-hour straphanger, adventure seeker, coffee drinker, and frequent traveler.

Send Comment:

Jotform Avatar
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.