Important update: New SCA requirements for card integrations

David Coles
Find me on:

Back in September 2019, new requirements for authenticating online payments were introduced and have to be enforced by March 2022. These requirements will directly impact how some payments are processed using Commusoft's payment integrations.

As our integration partners begin to adopt these changes, so must we to ensure our systems continue working together as intended.

Stripe has recently implemented SCA requirements, which will affect the way you and your customers complete payments. However, Commusoft has adapted our integration to ensure it continues to work smoothly.

Please note, Worldpay has yet to confirm when they will adopt these changes, but we will update you as soon as we are made aware.

The below changes will go live in the system this week.

What is SCA?

Strong Customer Authentication (SCA) is a new European regulatory requirement to help reduce the chance of fraud and make online payments more secure. These requirements are not applicable to all providers currently, but will be by March 2022. To accept payments and meet SCA requirements, there is a need for additional authentication from the customer themselves (such as entering a pin or one-time code). This will affect payment via the online payment portal and deferred payments within Commusoft.

Additional information: Stripe | Visa | Mastercard

How does this impact Commusoft?

Regular Payments

When adding a payment to an invoice using a credit or debit card, it may require an additional SCA from the bank. Please note, this is determined by the individual card provider - not Commusoft.

If the card does not require SCA, the payment will process as normal. But if queried by the card provider, it will require an SCA and a ‘Payment not authorised’ pop up will display the following message:

‘The payment could not be authorised due to SCA (Strong Customer Authentication). Payment will need to be taken via the portal. Please enter the details below to send the invoice portal message and the payment can then be made by the customer’.

Following the instructions on the pop-up, you can instead send an email and/or SMS to the customer in order for them to provide their payment and authentication. The customer simply clicks the link in the email to complete payment via Commusoft's online invoice portal. They will then be asked to enter their second level of authentication: this could be a one-time pin, fingerprint, or face recognition depending on the type of card and bank they use. Please note, Commusoft has no impact or input into which authentication is required for the customer.

An email and SMS template has been automatically set up and can be found under ‘Card payment authorisation message’ in system settings, which you can modify if needed. If you do edit the template, it is essential that you include the invoice portal URL tag, otherwise customers will not be able to complete their payment.

Card oayment authorisation message

A record of this message, once sent, will show up in the notes and communications section for the corresponding invoice. Of course, you also have the choice to not send this message to your customers and instead handle it manually.

Deferred payments

When creating a job using deferred payments, the new SCA implementation will behave slightly differently. When establishing a deferred payment (this can be either when creating the job or the diary event) your card provider or bank may not query the transaction, allowing payment to work as normal.

However, due to SCA the bank may query the transaction, which will require you to produce a second level of authentication. This error message will then appear at the top of the job ‘NOT AUTHORISED: Deferred payment cannot process due to SCA. Use another payment method’. By clicking ‘View reason’ you will be able to see the cardholder’s name, last 4 digits of the card number, date of transaction, and amount due so you can inform the customer which card the payment was unsuccessful for.

This error message will require you to either:

  1. Continue without taking a deferred payment
  2. Abort or delete the job and try adding a different credit card to take a deferred payment (both for deferred payments taken at the time of creating the job or when creating the diary event)

Questions?

If you have any questions about this or experience challenges taking payments in Commusoft, please get in touch with the support team who can assist further. If your customers struggle to authenticate their payments via SCA, they will need to reach out to their bank or card provider directly.


Refer now
Share this article

You may be interested in:

Looking for industry tips and advice? See our Business blog.