
PSD2 Compliance with Strong Customer Authentication on WordPress

You might have heard about the upcoming Revised Payment Services Directive (PSD2) that goes into effect on September 14, 2019… but you might not know exactly what it is or what you need to do to get compliant.

And if you’re selling a membership program or online courses (whether with AccessAlly or another tool), you might want to learn exactly what’s required to stay compliant.


This article is for informational purposes only, and does not constitute legal or financial advice. Please consult your own legal counsel for more detailed information on compliance requirements for your business.

What PSD2 Means (in English)

The Revised Payment Services Directive (PSD2) is a set of rules designed to protect consumers when they pay online, as passed by the European Parliament.

Online businesses are being asked to implement Strong Customer Authentication (SCA), where a credit card owner will be asked to confirm some details through a 3D Secure prompt.

This additional step will not be required for all purchases, only those where both the initiating and acquiring banks are in the European Economic Area (EEA).

In short: the Revised Payment Services Directive is good news, since it means increased security for payment transactions within Europe.

What is Strong Customer Authentication (SCA)?

As usual, when it comes to new technology there are a lot of 3-letter acronyms and new jargon to learn.

Strong Customer Authentication means that the payment processor needs to confirm additional information (beyond the usual credit card details) before approving a transaction.

Each bank may choose to implement SCA differently, depending on their own resources and tech systems.

Some examples of this additional checkpoint include entering a code sent to a cellphone number, logging into an online account with an existing password, or a combination of other steps that confirm identity.

How to Set Up SCA on WordPress and Other Platforms

Whether you use WordPress subscription plugins to take payments or you use a 3rd party shopping cart, you need to check that the payment processors are going to be PSD2 compliant.

If you use Stripe to take payments, one place you can check is the Stripe SCA-Ready page. If you haven’t yet decided, read this article on Stripe Payments for WordPress first.

If you use a PayPal integration to take payments, PayPal will be implementing their own Strong Customer Authentication and you won’t need to do anything different to your ordering process.

Your options for SCA and 3D Secure checkout on WordPress include:

  • AccessAlly
  • WooCommerce
  • Easy Digital Downloads

The most important things you can do at this time are:

  1. Look for PSD2 or SCA articles for your ecommerce tools and payment processor to make sure they’ve implemented this added security measure.
  2. If you can’t find anything, reach out to the companies behind your ecommerce and payment processor tools to learn more about how they will address the new rules.
  3. Consult legal counsel, if necessary, to learn more about nuances for your business setup.

Attention, AccessAlly Users:

If you use AccessAlly’s order forms, then you’ll be happy to know that we’re releasing an update with compliant functionality on September 12th.

Orders through Stripe will work as before, but with an added security step during the checkout process.

PayPal is implementing their own Strong Customer Authentication, and there will be no changes to how AccessAlly handles payments with PayPal.

If you use a 3rd party shopping cart or take payments directly through Infusionsoft or Ontraport, then check that your merchant services can handle PSD2 if you’re located in the EEA.

What about existing subscriptions or payment plans?

If you have existing recurring subscriptions or payment plans, you’ll want to use AccessAlly’s “Update Credit Card” functionality.

You can find the full tutorial for setting up credit card collection here, and from there you can send an email to have clients validate their card securely.

If you’ve already set up a Failed Payment automation sequence, then your email automation will kick in and direct people to update their card settings.

The bottom line?

If you’re located in Europe and have European customers, you’ll need to click the “Update plugin” button in WordPress once we release the update, and make sure that you’ve got a way for members to update their card details.

If you’re outside of Europe, it’s still useful to keep an eye on what’s happening to online payments because it’s just a matter of time before these security measures become the norm globally.

Here’s to making the world of online business and transactions a safer place for all of us!

Nathalie Lussier

I’m a writer, technologist, and regenerative farmer. I founded AccessAlly with my husband in one frantic weekend to solve my immediate course platform issues. Over a decade later the company has grown, and our product has evolved to serve millions of learners across the globe.
