Strong Customer Authentication (SCA) in MyTime enhances the security of credit card payments and reduces the risk of fraud for Stripe users in the UK and Europe. In this article, we will explore how SCA works within the MyTime platform. The table below will describe the acronyms used in this article:
Acronyms and Meaning
Acronyms | Meaning |
SCA |
Strong customer authentication According to Wikipedia, "It is a requirement of the EU Revised Directive on Payment Services (PSD2) on payment service providers within the European Economic Area. The requirement ensures that electronic payments are performed with multi-factor authentication to increase the security of electronic payments.[1] Physical card transactions already commonly have what could be termed strong customer authentication in the EU (Chip and PIN), but this has not generally been true for Internet transactions across the EU before the implementation of the requirement [1], and many contactless card payments do not use a second authentication factor.“ Most importantly, for MyTime to operate in the EU: "E-commerce merchants must update the payment flows in their websites and apps to support authentication.[10] If authentication is not supported, many payments will be declined once SCA is fully implemented.” |
MOTO |
Mail-order/Telephone order According to Stripe: "MOTO payments are transactions where customers give their payment card information to businesses over the phone or through mail, rather than in person or online. Businesses use these transactions to process payments when a customer's card is not physically present. MOTO payments were more common before the rise of e-commerce, though some businesses still use them.” |
EEA |
European Economic Area See Wikipedia for more details. |
Off-session |
When a payment is made “off session”, the customer is not present on our website or application to confirm the payment. If any action is needed after confirming an “off session” payment, we need to get the customer back “on session” to go through with the following action. Here are some examples of “off-session” payments:
|
Things to know:
- Currently, SCA is supported only in the UK and Europe.
- This is controlled by two hidden settings (one for regular credit card transactions and the other for one-time credit card transactions {MOTO}) that only the MyTime team can enable. To enable the hidden settings, please contact our Support Team at support@mytime.com.
- The MOTO hidden setting will instruct Stripe to inform the client’s bank that this is a MOTO transaction and that special consideration has to be given for using the card off-session. However, the moto flag is ignored if you indicate that the card needs to be saved on the client’s profile.
- The ability to save a client's card on file is governed by the "Store Client Credit Cards?" setting
- If the bank indicates that SCA verification is required, you can choose to send an email or SMS to the client for verification when the card is entered in POS, the scheduler, or the client profile. For bookings or purchases made through the booking widget, clients are redirected to the bank's website for SCA verification, so email or SMS notifications are not needed as they can complete the verification challenge directly on their computer.
- It's important to remember that when we store a client's card that requires SCA, we ask Stripe to restrict its use to transactions in which the client is not present or in session. As a result, all upcoming transactions are labeled as client off-session. Stripe will then utilize the client's directive that we obtained to use their card for future transactions to negotiate payment with the bank. The majority of the time, this should lead to a successful transaction based on industry norms, but there is no assurance. The bank will ultimately determine whether or not such use is permitted and whether or not ALL future transactions require verification. If the latter, we will reject such transactions and provide a suitable error notice.
-
If the client changes their mind about the verification or the verification fails for any reason, the client will be notified and instructed to select an alternative payment method.
Content:
SCA in POS
Once the hidden settings are enabled and you are processing a credit card payment in POS, you will need to follow a few additional steps to allow your clients to authenticate the card being charged.
- Navigate to Schedule > Locate the appointment you wish to checkout
- On the appointment modal, click 'Create Ticket'
- On the ticket, select 'Take Payment'
- Click the "Key In Card" button
- On the 'Key In Card' modal, enter the card number, expiration, CVC, country and zip code
- Click 'Add'
- If you do not check the "Save to client profile" checkbox the card will not be saved to the client's profile
- If you check the "Save to client profile" checkbox, the card will be saved on the client's profile
- When a card requiring SCA is entered, a pop-up will appear to send the verification to the client. This verification can be sent via email or SMS, using the send verification dropdown
- If 'Via SMS' is selected, you will get the option to enter the client's mobile number. If the client already has a mobile number on file, it will auto-populate
- If 'Via Email' is selected, you will get the option to enter the client's email address. If the client already has an email on file, it will auto-populate
-
An email or SMS (depending on which was selected) will be sent to the client with a link to select to complete the verification
-
SMS Verification:
-
When your clients receive the SMS, they will be required to select the link in the text message
- They will be directed to a web page where they must approve the amount to be charged by clicking "Verify Payment"
- The bank verification could be as simple as this example, but it will most likely involve entering a PIN or some other form of identification between the client and their bank. Click "Complete"
- The verification is complete and your clients will see a green confirmation message
-
-
Email Verification:
- When your clients receive the email, they will be required to click the "Complete Verification"
- They will be directed to a new tab to verify the action by clicking "Verify Payment"
- The bank verification could be as simple as this example, but it will most likely involve entering a PIN or some other form of identification between the client and their bank. Click "Complete"
- The verification is complete and your clients will see a green confirmation message and instructions to close the window
-
-
In POS, you will be presented with a line that indicates the status of the transaction:
-
Check Status: This will query the system for the current status of the transaction
- Send Verification: This allows you to resend the verification via email/SMS to the client in case they did not receive it initially
- Cancel: This allows you to cancel or void the transaction
-
- After refreshing the payment page, the card will be updated and you can then close the ticket
SCA for Client Profiles
On the client profile, when adding your clients' cards that require an SCA, you will get the option to allow your clients to verify the card from their devices.
- Navigate to Clients > Locate and open the client profile you wish to add the card to
- Select the "Edit" icon
- On the edit client modal, scroll down to the payment method section > Select + Add a Credit Card
- Enter the card number, expiration, CVC, country and zip code
- Click "Add"
- A pop-up will then appear to send the verification to the client. This verification can be sent via email or SMS using the send verification dropdown
-
An email or SMS (depending on which was selected) will be sent to the client with a link to click to complete the verification
- When your clients receive the SMS, they will be required to click the link in the text message
- When your clients receive the email, they will be required to click the "Complete Verification"
- They will be directed to a new tab where they can verify the action by selecting "Verify Payment Method"
- The bank verification could be as simple as this example, but it will most likely involve entering a PIN or some other form of identification between the client and their bank. Click "Complete"
- The verification is complete and your clients will see a green confirmation message and instruction to close the window
-
On the client profile, you will be presented with a line that indicates the status of the transaction:
-
Check Status: This will query the system for the current status of the transaction
- Send Verification: This allows you to resend the verification via email/SMS to the client in case they did not receive it initially
-
- After refreshing the page, you will see that the card has been added by the green confirmation message presented on the client's profile
SCA on Appointment Modal
On the appointment modal, adding a credit card from here that requires an SCA will allow you to have your clients verify the card from their devices.
- Navigate to the Schedule > Locate and open an appointment
- Select "Add Card" at the top of the appointment modal
- Enter the card number, expiration, CVC, country and zip code
- Click "Add"
- A pop-up will appear to send the verification to the client. This verification can be sent via email or SMS using the send verification dropdown
-
An email or SMS (depending on which was selected) will be sent to the client with a link to click on to complete the verification
- When your clients receive the SMS, they will be required to click the link in the text message
- When your clients receive the email, they will be required to click the "Complete Verification"
- They will be directed to a new tab where they can verify the action by selecting "Verify Payment Method"
- The bank verification could be as simple as this example, but it will most likely involve entering a PIN or some other form of identification between the client and their bank. Click "Complete"
- The verification is complete and your clients will see a green confirmation message and instructions on how to close the window
-
On the appointment modal, you will be presented with a line that indicates the status of the transaction:
-
Check Status: This will query the system for the current status of the transaction
- Send Verification: This allows you to resend the verification via email/SMS to the client in case they did not receive it initially
-
- After refreshing the appointment modal, the card would be added to the appointment modal and displayed at the top with the "Client verification of new card succeeded. Visa ending in XXXX" tooltip
- You can then save the appointment
For more information, contact us at support@mytime.com or (385) 233-6964.
Related Articles:
Strong Customer Authentication (SCA) For Card Payments Online