SCA

In September 2019, additional requirements for authenticating online payments were introduced for European-based businesses, and Mavenseed is now fully compliant with these regulations.

Strong Customer Authentication (SCA) is an additional layer of security that was introduced in Europe in 2019. This currently only affects businesses based in Europe. It does not affect US-based businesses, though this could change in the future.

This is the biggest rewrite of our payments infrastructure to date. To accommodate the new requirements, a number of key changes were made to the workflows for purchasing a digital product, and for subscribing to your site.

TL;DR

You might have an order or subscription that's now "pending" while it waits for payment. In most cases the payment notification arrives instantly. A payment for an order or subscription could require additional authentication from the customer's bank, like sending a text message or something similar (only EU-based businesses selling to EU-based customers). If you offer subscriptions and are based in the EU, you need to update your SCA settings in your Stripe account so that the notifications to your customer are sent.

What does this look like?

When a customer attempts to purchase an item from your site, that customer's bank may require additional authentication in order to process the payment. This could look similar to the below, which we borrowed from Stripe's documentation (Stripe is the main payment processor, we'll get into Braintree later).

Order Changes

We've kept the original page URLs intact so as to not cause too much of a disruption for your customers. In the old workflow for purchasing a product:

  1. Customer adds item to cart

  2. They are redirected to the cart page to review the cart

  3. Upon clicking "continue" they are redirected to the checkout page to create an account and pay for the product(s).

  4. Upon successful payment, they are redirected to the success page which shows their receipt, and the links to their products(s).

The new approach is very similar, with a few key changes.

  1. Customer adds item to cart

  2. They are redirected to the cart page to review cart

At this point, where the customer would be able to review the cart previously, they are now prompted to create an account while retaining the original cart functionality.

  3. Upon clicking "continue" they are redirected to the checkout page.

Previously the customer would create their account and payment at once, but since the account was created in step one, all the customer has to do now is provide payment.

Behind the scenes, on the last step, we created a pending order for the customer. The order is pending because the customer has not paid for the order yet. For US-based businesses, the customer provides their card number, the payment is processed, and they are redirected to the success page (we'll get to that).

If the customer's bank requires additional authentication, then they will be shown a message similar to the one at the beginning of these docs. After confirming payment, they are redirected to the success page.

At this point, since the payments are recorded behind the scenes when we're notified by the payment processor, the customer may see this message:

In most cases, once they click "View Order History" the payment will likely have already arrived and the customer will have access to their product(s).

If the customer pays using PayPal, the payment is immediately recorded, so there will be no "Payment Processing" screen shown.

_______________________________________________________________________________________________________

Subscription Changes

Subscriptions are treated in much the same way as the updates to orders, and like orders, we've kept the original page URLs intact so as to reduce disruption to your business. Like the new order checkout flow, customers are prompted to first create an account before proceeding to pay for the subscription. But when it comes to paying for the subscription, there are a couple of key differences, as you'll discover below.

In the old workflow for subscribing:

  1. Customer views the subscribe page and chooses a plan

  2. They are redirected to the payment page where they are shown a single form for creating an account and paying for the subscription

  3. Upon successful payment, they are redirected to the welcome page

The new approach is very similar, with a few key changes.

  1. Customer views the subscribe page and chooses a plan

  2. They are redirected and prompted to first create an account.

After clicking "continue to payment" they are prompted for payment. This new page sits at /subscribe/checkout.

For subscriptions there's no wait for processing because subscriptions typically start immediately. For US-based businesses nothing really changes here.

For EU-based businesses selling to EU-based customers, if the customer's bank requires additional authentication, then they are redirected to a payment page and are prompted to provide additional verification.

At this point the subscription will remain in an incomplete status while waiting for payment verification. This is the only time that a subscription will have a status of "incomplete".

If the customer exits out of this screen and returns to the site later they are shown the following banner so long as they are logged in:

Clicking "Yes please!" will take them to the payment verification screen, at which point the popup for confirming the transaction from their bank will automatically appear.

When the customer confirms the payment, the payment is recorded in the background so they may briefly see the above banner again before refreshing the page. If that's the case then they are shown a message that the payment has been completed successfully.

In most cases the payment verifications arrive instantaneously.

What does it mean to have a "pending" subscription?

This means that a customer created an account for a subscription, but didn't proceed and bailed out of the process before making a payment.

What does it mean to have an "incomplete" subscription?

This means that a customer's recurring subscription payment requires additional authentication from the customer's bank.

Update Stripe SCA Settings

Important! Set up email reminders for recurring subscription payments that require SCA.

At any time a recurring subscription payment could require additional authentication with SCA. If the customer happens to log in, they will be prompted to verify with our in-app process. However, we strongly advise setting up the email reminder in your Stripe account to remind customers and using Stripe's hosted page to guide your customer through verifying. Mavenseed will always sync with this process.

You can set this up under https://dashboard.stripe.com/settings/billing/automatic by toggling "Send a Stripe-hosted link for cardholders to authenticate when required."

Other Key Updates

When viewing your list of orders in admin, an order may show as pending if the payment hasn't arrived yet.

Similarly, when viewing your list of subscriptions within admin, you might see subscriptions that are incomplete or pending (see above).

FAQ

What happens if a payment isn't recorded?

One important thing to take away from this is that due to the requirements of SCA, payments aren't actually recorded at the exact time of payment (Stripe only). Because any payment can require SCA, and because the customer needs to be notified, the payment can arrive a few minutes after the order was placed.

We're notified by the payment processor when the payment succeeds, and we immediately record the payment for the order. This happens behind the scenes, so there may be a brief moment where your customer does not have access to the product.

However in most cases the payment arrives instantaneously.
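
The pending-then-recorded flow described above, sketched as an added example (this is not Mavenseed's or Stripe's code): access is granted only when an authenticated processor notification marks the pending order as paid, never because the browser reached the success page. The field names, event type, status strings, and the HMAC signing scheme are assumptions made for illustration.

```python
import hashlib
import hmac
import json

# Constructed demo secret shared with the (hypothetical) processor; not a real key.
SECRET = b"constructed-demo-secret"

def sign(body: bytes) -> str:
    """HMAC-SHA256 tag the processor is assumed to attach to each notification."""
    return hmac.new(SECRET, body, hashlib.sha256).hexdigest()

def make_event(event_id: str, order_id: str, kind: str) -> bytes:
    """Build a constructed notification body (field names are hypothetical)."""
    return json.dumps({"id": event_id, "order_id": order_id, "type": kind}).encode()

class OrderBook:
    def __init__(self):
        self.status = {}   # order_id -> "pending" or "paid"
        self.seen = set()  # notification ids already processed

    def create_pending(self, order_id: str) -> None:
        # Created at checkout, before any payment has been confirmed.
        self.status[order_id] = "pending"

    def has_access(self, order_id: str) -> bool:
        # Reaching the success page is not enough; only "paid" unlocks products.
        return self.status.get(order_id) == "paid"

    def handle_notification(self, body: bytes, signature: str) -> str:
        # Reject anything that was not signed with the shared secret.
        if not hmac.compare_digest(sign(body), signature):
            return "rejected"
        event = json.loads(body)
        # Processors retry deliveries, so recording must be idempotent.
        if event["id"] in self.seen:
            return "duplicate"
        self.seen.add(event["id"])
        order_id = event["order_id"]
        if event["type"] == "payment_succeeded" and self.status.get(order_id) == "pending":
            self.status[order_id] = "paid"
            return "recorded"
        return "ignored"

if __name__ == "__main__":
    book = OrderBook()
    book.create_pending("order-1")
    body = make_event("evt-1", "order-1", "payment_succeeded")
    print(book.has_access("order-1"))
    print(book.handle_notification(body, sign(body)))
    print(book.has_access("order-1"))
```
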

What happens if the customer doesn't pay for the order or subscription and abandons it?

We put a cookie in your customer's browser that keeps a reference to the pending order or subscription. If the customer returns to your site, they are shown a banner that asks them if they want to continue with the order or subscription, or not.

If they decide to not continue with the order or subscription, then the pending order or pending subscription is removed. If the customer opts in to proceeding to payment, they are redirected to the payment screen.

If the customer is logged out, they are shown the same notice so long as they have not cleared their cookies.

In the future we will implement ways to notify your customers of their abandoned carts and subscriptions.

In your site admin you may occasionally see orders that don't have an associated payment, although this should rarely happen. If this is the case then you will see a notice when viewing the order that the payment is pending.
