XF 2.1 Will Stripe and other payment methods be updated to PSD2 regulation? (September 14th deadline)

[Alpha1]

My Stripe dashboard shows this warning:

Update your integration to prepare for SCA
On September 14, European regulation will mandate

Strong Customer Authentication (SCA)
for many online payments. When it goes into effect, a form of two-factor authentication will be required for many card payments. Unless you update your integration, your customers’ banks will decline many transactions.

Strong Customer Authentication Solutions from Stripe

Stripe’s payments platform helps you manage the complexity of Strong Customer Authentication (SCA).

stripe.com

Strong Customer Authentication

What internet businesses need to know about the European regulation

stripe.com

Beginning September 14, 2019, PSD2 regulation will require Strong Customer Authentication (SCA) for many online payments made by European customers, to help reduce fraud. To ensure payments will not be declined, businesses will need to build an extra layer of authentication into online card payments, unless transaction-specific exemptions apply.

The impact of SCA on your business can vary depending on the type of purchase, whether you charge a customer during or after checkout, and even which bank your customer uses. Stripe has designed SCA-ready payment APIs and products to help you manage this complexity and minimize the impact of SCA on your checkout conversion.

 

[Chris D]

Still a work in progress, mostly finished.

 

[Chris D]

Looking good

 

[AndreaMarucci]

What does that mean? :-D

 

[Chris D]

Well, Monzo is my bank, and that's me making a card payment through Stripe using XF 2.1.4.

This demonstrates that Stripe is now SCA compliant and where appropriate your bank can ask for additional authentication.

With some banks this is an extra layer which requires you to log on to your internet banking app, receive a phone call, text message, or enter passwords/memorable data etc. to prove it is the correct account holder making the purchase.

Prior to XF 2.1.4 this additional approval thing wouldn't have been displayed.

The deadline for implementing this is September 14th and XF 2.1.4 should be released before then (hopefully tomorrow!).

 

[AndreaMarucci]

Good!

 

[cwe]

Does this also affect PayPal, or just Stripe?

 

[Robust]

Does this also affect PayPal, or just Stripe?

PayPal's integration is a redirect to their site for processing. PayPal is complying with 3DS in their own way, see this. As far as I'm aware, PayPal will run 3DS when you register and perhaps periodically after. Since you're redirected to their site to checkout, if they want 3DS later, it'll be on their side. The current integration should hence be 3DS complaint afaik.

 

[Jake B.]

Curious, why doesn't XF have Stripe Checkout as an option? I'd imagine that'd remove the requirement of needing to do an update for any other requirements that pop up in the future

 

[Nirjonadda]

@Chris D Updated to XF 2.1.4 but still show Not SCA-ready. Also does this support dynamic 3D Secure authentication ?

 

[Chris D]

How would upgrading to a new version of XenForo notify Stripe of that fact?

XF 2.1.4 is, despite what Stripe says, SCA-ready. Stripe have been informed about the work done to add support for it.

Also does this support dynamic 3D Secure authentication ?

Yes, that's what this demonstrates:

View attachment 210120

Looking good

Curious, why doesn't XF have Stripe Checkout as an option? I'd imagine that'd remove the requirement of needing to do an update for any other requirements that pop up in the future

The last sentence there only applies until, of course, they change their Checkout integration, which they do periodically. We're happy and comfortable with the other tools they provide which gives us more control of things, not least the overall appearance and experience which very much so remains within XenForo but takes care of PCI compliance.

 

[Alpha1]

XF 2.1.4 is, despite what Stripe says, SCA-ready. Stripe have been informed about the work done to add support for it.

Thank you!

 

[AndreaMarucci]

Curious, why doesn't XF have Stripe Checkout as an option? I'd imagine that'd remove the requirement of needing to do an update for any other requirements that pop up in the future

I second this and asked this some time ago as well... Maybe you can develop an addon for this.

 

[Nirjonadda]

How would upgrading to a new version of XenForo notify Stripe of that fact?

XF 2.1.4 is, despite what Stripe says, SCA-ready. Stripe have been informed about the work done to add support for it.

Now showing SCA-ready but Upgrade now will open Xenforo Contact Us forum. I think i am already updated to XF 2.1.4, So no upgrade action needed?

 

[RobinHood]

I have the same screen and question as @Nirjonadda above. The Stripe wording is a little confusing.



It says XenForo is SCA-ready, yet also says once SCA ready to upgrade to the newest version. The upgrade button is just a contact form link for XF at https://xenforo.com/contact

Do I need to take any action? (Running XF 2.2.3)