Configuring Strong Customer Authentication (SCA) with Chargent & Salesforce

Understanding Strong Customer Authentication (SCA)

Strong Customer Authentication (SCA) is a security mandate for online payments in the European Economic Area that requires cardholders to verify their identity before completing their transaction (checking out). You can think of SCA as multi-factor authentication for a credit card or bank while transacting online. You may be familiar with Verified by Visa (also known as 3D Secure). The implementations of SCA and 3D Secure are quite similar. In fact, 3D Secure was updated in 2016 to be a valid implementation of Strong Customer Authentication in Europe.

Note that what SCA looks like may differ depending on the card issuer. One card issuer may send a push notification through its banking app to have a purchaser authenticate, while another may send an SMS code for the purchaser to type in on the checkout screen.

Naturally, one might wonder: How can a merchant implement a payment solution that complies with SCA in all its different forms from various card issuers? The good news is that a merchant can implement a single SCA solution. Ultimately, the merchant sends a transaction to the payment gateway, the card issuer decides if an authentication step needs to take place, and if so, the customer completes the authentication step. Then, the customer views the response from the gateway on their screen. It’s crucial for merchants to facilitate SCA when required. Otherwise, the transaction will be declined, and merchants won’t be able to process the payment and complete the sale.

The details the merchant sends to the payment gateway about a transaction influence whether authentication is required. For example, if the system sends a card-not-present transaction to the gateway and the customer is located in Europe, SCA will likely be required. It’s impossible to know every scenario that requires authentication, but we know that transaction amount is a large factor. If it falls below a certain amount, authentication usually isn’t required, even for online transactions, but that threshold varies based on one’s card and bank.

Cybersource allows merchants to send certain exemption codes with their transactions to avoid requiring authentication. A B2B Corporate Card Transaction, Low Risk Transaction, Low Value Transaction, Stored Credential Transaction, or Trusted Merchant are all valid exemption codes that can be sent to Cybersource to bypass authentication. These codes would be included in the POST to the Cybersource endpoint, and they look like this:

{ "consumerAuthenticationInformation" : { "strongAuthentication" : { "lowValueExemptionIndicator" : "1" } } }

However, if you are using a Payments App for Salesforce like Chargent, this is taken care of automatically. You simply need to add the gateway-provided SCA codes upon setup, and then Chargent sends the correct transaction details to the payment gateway.

SCA Setup with Cybersource & Chargent for Salesforce

Turn On SCA in Your Payment Gateway

First things first: Ensure that your Payment Gateway, such as Stripe or Cybersource, supports SCA! At the time of writing, most Payment Gateways support SCA if they have any presence in Europe. However, you need to either contact their support or go into your settings to turn on SCA for your gateway account.

For Cybersource, you need to contact support to receive an API Identifier, API Key, and OrgUnitID. You can’t generate these keys yourself like other types of keys. Once you receive these values, add them to your Cybersource account under Payer Authentication Configuration.

Implement SCA in Your Chargent Payments Setup in Salesforce

In Chargent for Salesforce, navigate to the Gateways tab and click edit.

Check the box Strong Customer Authentication (SCA) enabled. You’ll then notice three new fields appear. These are the same fields you just filled out on the Chargent side. Enter the values, and click Sign In to save.

That’s all there is to it — Chargent makes this really easy!

Let’s give this a test on your Payment Request page. Create a Chargent Order and Payment Request to test with, and then navigate to the pay link.

This is the standard Payment Request form provided by Chargent.

You’ll be prompted for an additional layer of authentication after entering your payment details. This is SCA in action! The screen below is a verification screen embedded in the same page the customer is on.

Note: Testing can be tricky since the card issuer determines if authentication is needed (in this case, the issuer is CO-OP Financial Services). I generally test with a larger amount to increase the odds that it gets triggered.

In our example, the authentication method is SMS. Once you click “Continue,” the card issuer sends an SMS. You’re then presented with a box to enter the code. Once entered, the payment will be processed.

If the customer fails the authentication, the Transaction record in Chargent (Salesforce) will have a Response Status of Declined and Response Status Reason of Reject. Alternatively, depending on the customer’s card, you may receive a Response Status of Failure and a Response Status Message of Charge Declined: Strong Customer Authentication (SCA) failed. I usually see the latter Response Message if the card issuer isn’t set up to handle SCA and rejects the transaction immediately without giving an authentication step. The full response XML may indicate:

validated: false and SignatureVerification: “Y”

In this situation, the customer should use another card or contact their card issuer. Providing a secondary way to pay, such as BACS, is ideal.

Finally, one last item to know for reporting purposes: While the Transaction waits for authentication, the Response Status will be set to a value of Additional Step. You can set up a report in Salesforce to see Transactions that are awaiting authentication, or that have had SCA triggered in the past. To accomplish this, ensure Field Tracking History is on for the Response Status field.
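
As an added example (not part of the original article and not Chargent's own code), the Python below triages an exported list of Transaction records by the Response Status values described above and flags challenges left in Additional Step for too long. The column labels, the Id and Created Date columns, the Approved value, and the 30-minute threshold are assumptions made for illustration.

```python
from collections import Counter
from datetime import datetime, timedelta

# Message text quoted from the article; the column it appears in is an assumption.
SCA_FAILED_MSG = "Charge Declined: Strong Customer Authentication (SCA) failed"

def classify(row):
    """Map one exported Transaction row to an SCA-related outcome."""
    status = (row.get("Response Status") or "").strip()
    reason = (row.get("Response Status Reason") or "").strip()
    message = row.get("Response Message") or ""
    if status == "Additional Step":
        return "awaiting_authentication"
    if status == "Failure" and SCA_FAILED_MSG in message:
        return "sca_failed_message"
    if status == "Declined" and reason == "Reject":
        # The article ties this pair to a failed authentication; other declines
        # may share it (assumption), so treat it as a lead, not a verdict.
        return "declined_reject"
    return "other"

def stale_challenges(rows, now, max_age=timedelta(minutes=30)):
    """Ids of transactions still awaiting authentication after max_age."""
    stale = []
    for row in rows:
        if classify(row) != "awaiting_authentication":
            continue
        created = datetime.fromisoformat(row["Created Date"])
        if now - created > max_age:
            stale.append(row["Id"])
    return stale

def summarize(rows):
    """Count rows per outcome, e.g. for a daily SCA health check."""
    return Counter(classify(r) for r in rows)

# Constructed sample rows (not real transactions).
SAMPLE = [
    {"Id": "T-001", "Created Date": "2024-05-01T10:00:00", "Response Status": "Approved"},
    {"Id": "T-002", "Created Date": "2024-05-01T10:05:00", "Response Status": "Additional Step"},
    {"Id": "T-003", "Created Date": "2024-05-01T11:40:00", "Response Status": "Additional Step"},
    {"Id": "T-004", "Created Date": "2024-05-01T11:00:00", "Response Status": "Declined",
     "Response Status Reason": "Reject"},
    {"Id": "T-005", "Created Date": "2024-05-01T11:10:00", "Response Status": "Failure",
     "Response Message": SCA_FAILED_MSG},
]

if __name__ == "__main__":
    print(dict(summarize(SAMPLE)))
    print("stale:", stale_challenges(SAMPLE, datetime(2024, 5, 1, 12, 0, 0)))
```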


About Cloud on Purpose

Cloud on Purpose is a certified Salesforce Consultant and Chargent Implementation Partner. We believe that “how matters”, and operate with a mandate to treat people well and deliver exceptional solutions.

Our deep expertise in Salesforce and Chargent over the past 12+ years makes us uniquely qualified to implement Chargent & Salesforce according to your needs.


More SCA Resources

Cybersource: Drive Customer Experience in the Age of SCA

AppFrontier: Chargent Strong Customer Authentication

Salesforce AppExchange: A Complete Guide to SCA

Paul Fischer

Paul is a certified Salesforce Architect.

https://paulbfischer.com