Frictionless e-commerce is a huge part of what makes our boutique fitness clients so successful. zingfit is passionate about delivering safe and seamless e-commerce workflows that enhance your studio’s digital presence and help your clients get from clicking to sweating faster.
And, when it comes to buying online, safety and security are of the utmost importance. If your studio is located inside the European Economic Area (EEA), then you will be aware of new legislation that comes into effect on September 14th. This is to better regulate online payments, protecting both you and your customers. The new regulations will mean extra security checks for your customers to complete when they are making an online purchase, to help keep them safe from online fraud.
What is the revised Payment Services Directive (PSD2)?
Introducing new Strong Customer Authentication (SCA) regulations is part of the revised Payment Services Directive (PSD2). This is a regulatory requirement intended to increase customers’ protection against fraud for online purchases inside the EEA.
It’s a big change for banking, businesses and customers alike. Because PSD2 will have an impact on many aspects of online shopping and banking, your studio’s customers will have received emails and letters about this change from their own banks.
The banks want your customers to be as prepared as possible because customers will (in certain circumstances) be obliged to answer extra security questions when they complete online purchases.
The new PSD2 regulations will enforce Strong Customer Authentication (SCA) for most online purchases (as well as for online banking).
What is Strong Customer Authentication (SCA)?
Similar to two-factor authentication, SCA adds extra steps into the online checkout process in order to reduce fraud and make online payments more secure. This means when making a debit or credit card online payment the customer may be asked to provide an additional form of authentication, such as a verification number. More technically speaking, SCA will use an authentication technology called 3D Secure. 3D Secure uses at least two of the following three elements:
Examples of SCA:
1. A second password or PIN
2. A phone or hardware with a token
3. A fingerprint or face recognition
How and when will the changes be implemented to Stripe and zingfit?
zingfit has been preparing for this change by implementing Stripe’s new payment processing updates. We will be incrementally rolling out Stripe’s updates to our customers’ frontend e-commerce over the next few weeks – late August through early September. The zingfit platform will be ready for the deadline on September 14th, 2019.
Will anything look different on our zingfit powered purchase pages?
Today, when a customer makes an online purchase, they need to enter their credit/debit card details or use the existing card number on file (securely stored by Stripe). This first part will remain the same.
However, one of the more visual changes, albeit subtle, will be design changes to the fields where your customers add their debit/credit card details. Stripe has updated the visual formatting of these fields, so you and your customers might notice that the credit card, expiry date and security (CVC) fields look a little different.
What will change when customers make a purchase?
(If you’re a business in the European Economic Area…) On September 14th, when the regulations take effect, your customers may be asked to complete another security step right after entering their debit/credit card details and clicking “Place Order”, i.e. a second step that requires Strong Customer Authentication (SCA) will appear on the purchase page.
For example, if the customer is making a big purchase, their bank will apply SCA to the purchase.
A modal (an overlay on your website and mobile app purchase page) will appear asking your customer to answer extra security questions.
The payment processor ‘talks’ to the issuing bank as the purchase is taking place. The issuing bank determines if the extra step of Strong Customer Authentication is required. The issuing bank’s own algorithm decides whether to apply SCA to the purchase – not Stripe and not zingfit.
What triggers SCA on a purchase (meaning the extra security question modal appears)?
Whether one customer sees the extra security questions (and another customer does not) depends on many factors. Reasons include:
– The fraud risk level of the “issuing bank” i.e. the customer’s bank that provides the debit/credit card
– The size of the purchase being made, e.g. payments below €30 are exempt
– If the customer is using the correct home address to which the card is registered
– If the customer is making a purchase in a different country to where their card is registered
Read more about the triggers for SCA.
The payment processing and banking industries are trying to minimize the friction around SCA; this article also provides information on the possibility of exemptions to SCA for certain purchases and in certain circumstances.
Your customers will be hearing a lot about this from their banks too.
Your customers will have received emails and letters about SCA from their banks asking customers to make sure they have the right mobile phone number, email address, etc. on file with their banks to facilitate smooth SCA experiences.
For brands outside the European Economic Area (EEA).
We are deploying Stripe’s PSD2 update to zingfit globally, for all our clients using Stripe. This is with the expectation that SCA is going to come to your country soon too. However, if you are a studio using Stripe outside Europe, you and your customers won’t notice any other changes for now – apart from a small update to the credit/debit card fields on your purchase page.
Are you in the UK? …If so, a word on the UK and PSD2.
The UK banking industry has been preparing for the new PSD2 regulations and SCA requirements. The UK will be able to delay its adoption of the new regulations by 18 months, as recently confirmed.
The UK’s Financial Conduct Authority (FCA) has confirmed an 18-month delay to the introduction of SCA rules for e-commerce transactions. Read more here. (Source: finextra.com, Aug 13, 2019)
However, PSD2 and SCA will still apply when other non-UK citizens from the EEA make online purchases on UK websites. This will be a much smaller percentage of your customers, but for our London boutiques we imagine 5% of your customers are from France, Scandinavia, The Netherlands, etc.
We encourage all our clients to be as educated as possible about these progressive changes. These changes will ultimately protect you and your customers from fraud. It’s important that, together, we continue to build a boutique fitness experience that’s both seamless and secure. If you have any questions or concerns, please feel free to reach out to our Support Team here.