Strong Customer Authentication (SCA) and Rock Gym Pro

Updated: April 25, 2019

New requirements for authenticating online payments will be introduced in Europe on 14 September, 2019. As part of the second Payment Services Directive (PSD2), Strong Customer Authentication (SCA) will be required for many online payments made by European customers. Right now, the guidelines for complying with these new requirements are loosely defined and very limited.  

If your facility is based in Europe and you’re using Rock Gym Pro’s online booking and calendar system to sell items online, these new requirements will most likely affect the way in which payments are processed on your website in some way. Your existing processing will of course continue to work; complying with the new law may be as simple as your customers whitelisting your business with their bank. However, because these new requirements are incomplete in how they will be implemented, we do not have definitive or recommended actions to take at this time.

Below is a statement from Stripe regarding "Off-Session" payments and SCA


"SCA requires customers to complete 3D Secure for some payments. When this step is required by the bank, the customer must be online to complete authentication. ​​This introduces complexity for businesses that save cards and charge them later when the customer is no longer on the website or application and can’t complete authentication. This is also known as off-session payments. A payment is described as off-session if it occurs without the direct involvement of the customer, using previously-collected payment information. Examples of this include fixed-amount subscriptions, metered-billing subscriptions, crowdfunding campaigns, and car rentals.

While some of these off-session payments are exempt as fixed-amount subscriptions and merchant-initiated transactions, the exemptions require you to authenticate the customer at the time of payment detail collection or require you to pass additional information. In addition, banks can decide to reject a request for exemption. As such, you should build a way to notify customers that they need to return to your application and complete authentication if required.

Requirements for claiming exemptions on off-session card payments are still being finalized by the card networks and banks. By July 1, 2019, we will update our products and APIs to help you claim exemptions for recurring and off-session payments".


Rock Gym Pro will continue to update this page as more information about these requirements become available.

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request



Please sign in to leave a comment.