What is SCA?
The Strong Customer Authentication (SCA) is a new European norm that comes into effect on Sept 14, 2019 regarding online customer-initiated payments. Being part of the second Payment Services Directive (PSD2), It enforces at least two of the following authentication methods in the checkout flow:
Information the customer knows (PIN, password)
Information the customer has (phone number, verification code)
Information the customer "is" (fingerprint, face recognition)
Banks will not process payments that don’t comply with the new requirements.
Do I need to be SCA-compliant?
SCA applies to customer for online transactions above 30€ when both, the issuer and the cardholder’s bank, are located in the European Economic Area (EEA).
In-person card payments and direct debits do not fall into this new rule.
SCA compliance is a matter of integration with payment providers. You don't have to change anything in the way you work. However, you might need to update or install new modules.
What to do in Odoo?
Most payment acquirers available in Odoo don’t require any action on your behalf. A module update will be needed if you use Stripe, Ingenico or Authorize.Net as a provider. For Odoo Online customers, an email will be sent when the update is ready to be installed in your database.
Don't worry, if you don't upgrade your modules, you won't be an outlaw - it just means that your customers will have a hard time paying you.
Action required in Odoo
Paypal, Sips, Adyen, Buckaroo
Managed by the payment acquirer
No action needed
Stripe, Authorize.Net, Ingenico
Managed by both the payment acquirer and Odoo
Update of the acquirer module is needed in Odoo to support 3D Secure 2
Will be available for Odoo 10, 11, 12.
ETA: Sept 1st 2019
An email will be sent when the update is ready for install in your database.