One of the common questions the Hotel Booking users have got is whether Stripe payments built in the plugin SCA-ready and use 3D Secure.
The Hotel Booking plugin appears to be SCA-ready since v. 3.6.0 from August, 2019. It should be mentioned that SCA (Strong Customer Authentication) is often confused with two-step verification or 3D Secure, which is used by Stripe mostly for credit card payments. Let us break it down below real quick, so it is totally clear about SCA and 3D Secure in the Hotel Booking plugin.
- Only Stripe themselves decide whether and/or when 3D Secure is required.
- 3D Secure is not always necessary, as according to Stripe "3D Secure authentication is displayed when required by SCA".
- SCA is required only in case both the bank AND the Customer are in European Economic Area (EEA). If one of the parties is located outside EEA, then SCA is not obligatory.
- Even when both the bank AND the Customer are in EEA, 3D Secure is not required for low-risk transactions, again, according to Stripe: "While some low-risk transactions (based on the volume of fraud rates associated with the payment provider or bank) do not require authentication, banks can choose to not honor these exemptions and request that the customer complete authentication".
- The Hotel Booking has passed all the steps and it has been approved by Stripe that our solution is SCA-ready. The 3D Secure usage is up to Stripe and the bank, we are not the ones to decide whether to use 3D Secure or not.
- In addition 3D Secure is mostly used for credit card payments. In case any other payment method is used, 3D Secure may be not obligatory.