Changes to payments - September 2019
On September 14th 2019 new rules came into force across Europe as part the second Payment Services Directive (PSD2) which lay down requirements for authenticating online payments under a system known as Strong Customer Authentication (SCA).
Some EU countries, including the UK, are giving banks and retailers more time to implement the changes, but it's expected that the effects of the new regulations will start to be seen anyway, and so we've made sure we have everything ready.
What is Strong Customer Authentication (SCA)?
SCA is a new European requirement to reduce fraud and increase the security of online payments. Paying online will require two out of the following three elements:
Something the customer knows (e.g. password/PIN)
Something the customer has (e.g. a phone)
Something the customer is (e.g. a fingerprint or face recognition)
What does this mean for payments that I take online?
SCA will be applied using an updated version of 3D Secure
, which adds an extra step after the checkout where the cardholder is prompted by their bank to provide additional information to complete a payment (for example by sending a code to their mobile phone).
Is SCA needed for all payments?
The regulation does allow exemptions for certain types of payments - such as low value transactions, or transactions where the cardholder is not present (recurring donations, for example) but the exemptions have to be requested dynamically and are not always granted - it's up to the bank to decide whether authentication is needed.
How is ChurchInsight preparing for the changes?
We've completed a full-scale upgrade to our payment integration, which will take customers through any necessary authentication steps when adding a new card.
You should be aware that one of the implications of the new regulation is that we could start to see an increase in payments being declined by banks and cardholders may need to return to your website
to re-validate their cards. If a payment fails in this way, we will email the cardholder with a link which will ask them to validate their card - they will not
need to log in to do this, and they will not
need to re-enter their card details, but they may be taken through an authentication process dictated by their bank, as with other online purchases.
Do I need to do anything?
Not at the moment. Our updated system takes care of the SCA requirements. Once the new payment rules come into force you may need to help some of your donors/customers to re-validate their cards if their payments fail.
What's in this release?
Updated payment systems
We've updated our payment systems to comply with the new legislation and to ensure that any extra authentication steps can be completed by your donors or customers. For many, there will be no noticeable change either in the checkout steps, or in the Web Office.
Save this card to use again
Up until now, if a card was added for a payment it was automatically retained for future re-use (the payer would need to re-enter the last 4 digits). Now, when entering a new card, payers can choose whether the card will be remembered for future donations or purchases.
Other features and bug fixes
Having done an import of offline payments and created match references for future donations, if any of the options are subsequently changed for the donation group, the match reference may become invalid. We now filter out these old/invalid references.
There was some inconsistent display of dates when old offline payments were imported and some confusion between the date of the import and the date of the donation. These have been tidied up.
We've fixed an issue where some incorrect families were displayed if consent was requested from guardians during a child check-in.
If you edited an image that was in use as a summary image on a media recording, the old version was sometimes cached by the browser and continued to be used for the recording. We've fixed this so that the new version of the image is always used.