Hi Seller Community,
I’m here to share information about an important update about Strong Customer Authentication and how Square is helping you to prepare.
Strong Customer Authentication (SCA) is a European regulation to make electronic online and in-person payments more secure in the European Economic Area (EEA) and the UK. This process helps to verify cardholders and reduce the chance of fraudulent transactions.
What does this mean for my business?
This means your customers will be prompted to complete an additional authentication step, known as 3D-secure 2, when making payments through your Square Online site, via a Square Checkout Link or when paying a Square Invoice. If you are using a Square online product - Square Online, Checkout links or Square Invoices - you do not need to make any changes. Square’s online products have been updated to meet SCA requirements.
Square began rolling out the SCA compliant flow with 3D-Secure 2 (3DS2) as of 1st January 2021. SCA for Square online payments will be rolled out to all customers by 14th September 2021. Cardholders will be prompted to pass 3D-secure when necessary.
What is 3D-Secure (3DS2)?
3D-Secure 2 (3DS2) is a standardised mechanism for authenticating electronic card transactions. This is either done through a challenge flow where the customer is required to provide additional information to complete their transaction, or through a frictionless flow where the customer can complete their checkout without any additional steps.
Challenge flows include (but are not limited to) a one-time passcode sent via SMS or email, a request for biometric information such as a fingerprint scan or your customer may be directed to open their card-issuing’s bank mobile app to approve a transaction.
It’s important to note that the customer’s card issuer, not Square, will determine whether to apply a challenge flow or a frictionless flow to a transaction.
Do I need to let my website developer know?
Yes, if you are using Square’s developer products such as Square Payment Form and the Connect V2 APIs, you will need to update your Square integrations according to our developer documentation to be compliant with SCA guidelines. Developers can contact our Developer Support team for additional assistance, learn more on The Corner, or search and ask questions in Square's Developer Forums.
Sellers, Developers and Partners that use Square’s developer products such as Square Payment Form and the Connect V2 APIs must ensure their applications are SCA-compliant to minimise the occurrence of declined payments. To achieve compliance, Sellers, Developers and Partners need to update Square Payment Form Integration following this guide.
I don’t use Square’s developer products, is there anything I need to do?
No action is required by sellers who use Square Online, Square Online Checkout links and Square Invoices. We have already taken steps to ensure that these products and services are compliant with SCA. We wanted to make sure you are aware of the changes as your customers may be prompted to pass 3D-Secure 2 when completing an electronic payment at your business.
Does 3D-Secure 2 apply to Virtual Terminal payments?
Payments accepted through Square’s Virtual Terminal do not require additional authentication. If you are using Virtual Terminal for payments, no action is required from you to be compliant with SCA regulation.
Sellers using Square’s products such as Square Online and Invoices do not need to make any changes as the products have been updated to meet SCA requirements and invoke 3DS2 when necessary.
To learn more about Strong Customer Authentication visit Square’s Support Centre. Developers can find documentation about Strong Customer Authentication online, and find support in Square’s Developer forum.
If you have any questions please reply below. Not a member yet? Learn how to join the Seller Community.