What is SCA?
Strong Customer Authentication (SCA) is a new European regulatory requirement which is meant to make online payments more secure and reduce fraud. SCA requires authentication to use at least two of the following three elements:
- Something the customer knows, such as a password or a PIN.
- Something the customer has, such as a phone.
- Something the customer is, such as a fingerprint or face recognition.
You can learn more about Stripe and SCA here.
But I'm not in Europe! Does this still affect me?
While SCA may not affect you personally, it will affect a number of FormAssembly users. Also, you may not be located in Europe but your customers might be. Or they may have European credit cards that require SCA. Because of this, we will be making updates to our Stripe integration in order to take advantage of Stripe’s new SCA functionality. This move is recommended by Stripe and puts us in a position to take advantage of new functionality in the future as well!
What will be changing?
Most of the necessary changes will be happening behind the scenes. All existing and newly-added Stripe connectors will be updated to be SCA compliant and will begin to use additional authentication methods if required by the respondent's bank. Depending on the bank requirements, the form respondent will need to provide additional authentication information through a text, email, or push notification. If the respondent's bank does not require SCA, then there will be no change to the respondent flow.
The most visible change will be within the Stripe Aliases. Stripe's Payment Intents and Setup Intents will become available. These aliases can be used in place of Charges and Subscriptions when sending SCA-compliant charge information to Salesforce. Existing Stripe aliases will remain unchanged and will not impact current setups.
What do I need to do?
There is no immediate action required to enjoy the benefits of a SCA compliant Stripe connector. However, if you would like to view and use the new aliases as hidden fields on your form, you will need to refresh your Stripe connector.
Refresh Your Stripe Connector
Before you can access your new aliases, you’ll need to go into the Stripe Connector page on each of your forms by clicking to “Configure” the connector:
Or by clicking the “Connectors” button on the left-side menu of your Form Builder:
Next, save your connector to refresh the aliases. You do not need to make any changes in the connector first. This will cause the connector aliases to refresh, and will make them available in all of your various formula editors. It will also create the new hidden Stripe fields automatically in your form. These will include a new Customer ID field, Payment Method, Payment Intent, and Setup Intent.
Finally, you can delete your old hidden Stripe fields (Customer ID, Subscription ID, Charge ID). This is not mandatory.
Updating Your Stripe Aliases
You will not be required to use the new Stripe aliases when processing payments, but these aliases must be used when sending SCA compliant payment information to Salesforce. The newly available aliases are as follows:
Stripe Subscription ID > Stripe Setup Intent ID
- Old Alias: STRIPE_SUBSCR_NN
- New Alias: STRIPE_SETUP_INTENT_NN
Learn more here.
Stripe Charge ID > Stripe Payment Intent ID
- Old Alias: STRIPE_CHARGE_NN
- New Alias: STRIPE_PAYMENT_INTENT_NN
Learn more here.
Stripe Payment Method ID
- This is a new alias which did not exist previously
- New Alias: STRIPE_PAYMENT_METHOD_NN
Learn more here.
Stripe Customer ID
- This alias has remained the same
- STRIPE_CUSTOMER_NN
- To use the Payment Intent field you must connect to Stripe using OAuth authentication in your connector. You cannot use the Payment Intent field if you are using Stripe secret keys to authenticate your connector.
- If you experience any issues with connectors on forms published using the HTML copy/paste method, please try republishing your form.