5 questions answered
This month Jomablue launches a new payment process that will enable event organizers to comply with changing EU compliance requirements and safeguard online transactions against fraud. Keep reading to discover everything you need to know.
Question 1: What is SCA?
On 14 September 2019, new requirements for authenticating online payments were introduced across Europe to safeguard online transactions and reduce credit card fraud. These requirements will be fully enforced by 31 December 2020.
SCA = Strong Customer Authentication is the new regulatory requirement for online stores to build additional authentication into their purchase flow. Required are at least 2 of the following forms of customer authentication:
- Something a customer knows – a log in or password
- Something a customer has – a phone or hardware token
- Something a customer is – fingerprint or facial recognition
PSD2 = Payment Services Directive II is a legal act of the European Union that sets new requirements for securing online payments. Under it, additional authentication is required and banks are required to decline transactions that don’t meet the SCA criteria.
Question 2: How does this impact event ticket sales?
An additional step in the check-out process has been rolled out in the latest Jomablue release to support SCA verification requirements. Event organizers proving paid event registration to delegates within the EU will need to comply with the new SCA EU regulations.
Question 3: What if I am not in the EU (or UK)? Will my event be impacted?
Under PDS2, banks are required to decline payments that don’t meet SCA criteria. Even if your event is held outside of Europe, anyone purchasing tickets with a credit card from an EU bank will need to follow SCA authentication processes.
Question 4: How does Jomablue ensure SCA compliance?
SCA requires online stores to build additional authentication capability into their purchase flow. The Jomablue check out process will remain largely the same with an additional step that enables the payment gateway, for example Stripe or Braintree, to identify if the payment method requires further authentication.
In this scenario a pop-up appears over the Jomablue payment page. This pop-up will present any secondary authentication questions required to comply with the SCA standards. What the questions are and what the questions and and the level of authentication is required is determined by the bank via the payment gateway, not by Jomablue. There is however, the functionality to ask those questions when needed.
Some exceptions to SCA apply and you can read more about them here. In summary however, the article by JP Morgan Europe explains that authentication “depends on the reference fraud rates of the acquiring bank and the issuer – not the merchant.”
Question 5. What steps do event organizers need to take?
When using Jomablue’s Paid Registration feature event organizers can trust that ticket sales comply with SCA standards and are safeguarded against fraudulent activity. When required the payment will recognize an EU credit card and take the verification steps required. Event organizers do not need to take additional action when using Jomablue.