Strong Customer Authentication (SCA) and Rock Gym Pro

Updated: 03 September, 2019

* All European Union facilities using Rock Gym Pro are now capturing credit cards using the new "SCA Friendly" API from Stripe (described below). 

New requirements for authenticating online payments will be introduced in Europe in the coming months. As part of the second Payment Services Directive (PSD2), Strong Customer Authentication (SCA) will be required for many online payments made by European customers.  This will require two-factor authentication (2FA) on many payments in Europe. 

If your facility is based in Europe and you’re using Rock Gym Pro’s online booking and calendar system to sell items online, these new requirements will most likely affect the way in which payments are processed on your website in some way.

While the EU has delayed enforcement of the new SCA Friendly regulations (original deadline was 14 September, 2019), Rock Gym Pro has updated the software to support the guidelines when each country is ready to enforce the new rules. 


How Rock Gym Pro has Prepared

1) On-session (web-based) payment now supports the required 2FA authentication.

2) 2FA authentication, when capturing new card details for future off-session (merchant initiated transactions) are now supported. 

3) At this time Rock Gym Pro does not plan to support  the emailing of a "recovery link" for when merchant initiated billing transactions are declined by the bank (because the bank is requiring 2FA for the specific merchant initiated transaction).  This may be supported in the future, but will not be ready before the September 14th deadline. We will be primarily focused on the first two initiatives. 


It is extremely unlikely that banks will be declining merchant initiated transactions for this reason. 

Based on information provided by Stripe:

- Merchant initiated transactions are not technically covered by the SCA
- It's a massive technical requirement for all businesses that perform merchant initiated transactions
- Many customers will not be able to respond in a timely manner to these recovery links.  

Because of these reasons, declining merchant initiated transactions due to a lack of 2FA on the payment is very unlikely - at least for the foreseeable future. Be aware that banks MAY require you to capture new card information with a one time 2FA authorization. This is CURRENTLY SUPPORTED (item #2 listed above).

* We will continue to update this page as more information about these requirements become available.

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request



Please sign in to leave a comment.