Strong Customer Authentication FAQ


This article applies to:

Strong Customer Authentication is a rule that went into effect on September 14, 2019 as a part of the PSD2 regulation in Europe. It requires changes to how European customers authenticate online payments, requiring a different user experience through 3D Secure 2. Transactions that do not follow these guidelines may be declined by your customer’s banks.

While the requirements were outlined on September 14, 2019, enforcement of the requirements have been gradual. SCA requirements will be fully enforced in most European countries on December 31, 2020. You can find more details on Strong Customer Authentication enforcement timeline here.

How do I know if my business requires compliance with Strong Customer Authentication?

Strong Customer Authentication compliance will apply to businesses in the European Economic Area that accept payments from European customers.

When will Keap be ready for SCA-compliant transactions?

Keap can handle SCA-compliant transactions through 3D Secure 2 with Stripe as of December 17, 2020.

Customers that are affected by SCA compliance can continue using PayPal Smart Payment Buttons in both Keap and Infusionsoft, as payments made through these buttons will authenticate your client’s identity as needed through 3D Secure 2.

What if I’m not using Stripe?

If you aren’t using Stripe and your business requires SCA compliance, we recommend migrating your payments to Stripe.

When should I move my payments to Stripe?

If your business requires SCA compliance, we recommend moving to Stripe at any point prior to December 31, 2020.

I’m getting SCA warnings from my payment processor - what should I do?

Take a look at the enforcement timeline here to see how your country and customers may be affected. We suggest moving your payments to Stripe in or before December 2020.

What is 3D Secure 2?

With Strong Customer Authentication enforcement beginning in many European countries in 2021, 3D Secure 2 is a way for Keap and Infusionsoft customers that do business in Europe to be SCA-compliant. 3D Secure 2 allows your clients to easily authenticate through an improved user experience that will reduce the negative impact on conversion. You can find more information on 3D Secure 2 here.

What do I need to do to enable 3D Secure 2?

Moving your payments to Stripe will ensure your business is SCA-ready come December 2020. No action is needed as long as you migrate to Stripe.  If you are already on Stripe, you are ready to use 3D Secure 2.

What will the 3D Secure 2 experience look like for my clients?

  1. Initiate a payment
    Your customer fills in their card details and completes the checkout to initiate the payment.

  1. Trigger dynamic authentication
    Your payment processor detects whether authentication is needed. If required, a 3D Secure 2 authentication flow will be presented in a modal window. This experience will vary based on the customer's bank, but examples include prompting the customer for a one-time passcode or biometric ID.

  1. Complete a payment
    Once a customer’s identity has been confirmed through 3D Secure 2, the card can be charged.

Will every transaction require additional authentication through 3D Secure 2?

Some types of low-risk payments may be exempted from Strong Customer Authentication. Stripe is able to request these exemptions for you when processing the payment. The cardholder’s bank will then receive the request, assess the risk level of the transaction, and ultimately decide whether to approve the exemption or whether authentication is still necessary.

Using exemptions for low-risk payments can reduce the number of times you will need to authenticate a customer and reduce friction. You can find more information about how Stripe handles exemptions here.