Today we are releasing version 1.1 of our Stripe Integration plugin.
If you have EU based customers who pay for Ads postings using the WPAdverts Stripe Integration then this is a must-have update for you.
What and When?
On 14th September new PSD2 regulations will be enforced in the EU. The regulations itself apply to banks mainly.
What applies indirectly to website owners (that is every site owner who has EU based customers using credit cards) are the Strong Customer Authentication (SCA) regulations or even more specifically the 3-D Secure Card Payments. Stripe itself has the best explanation of the 3-D Secure so let me quote from their website:
3D Secure provides a layer of protection against fraudulent payments […]. Unlike regular card payments, 3D Secure requires cardholders to complete an additional verification step with the issuer. Typically, this involves showing the customer an authentication page on their bank’s website, where they are prompted to enter a password associated with the card or a verification code sent to their phone. This process is familiar to customers through the card networks’ brand names, such as Visa Secure and Mastercard Identity Check.
What does it mean for me?
The current Stripe integration was charging cards directly. In version 1.1, we have an additional code which will handle the optional verification step. It is highly recommended that you update your Stripe Integration to version 1.1 or newer before 14 September to ensure your credit card payments will work without any problems.
Note that if the card will not require additional verification then the old Stripe integration will still work, but right now it is hard to tell how many of the cards will require the authentication so it’s hard to tell how many payments will fail if you will not update the integration.
How to update?
As with any WPAdverts extension, you should see an update notice in wp-admin / Plugins panel on your site. If you will not see it within 24 – 48 hours, go to wp-admin / Dashboard / Updates panel and click the “Check Again” button it should find the new version.
After updating you need to configure Stripe webhook. Webhook will receive confirmation about the submitted payments. In the older Stripe integration, you did not need to set up it, as the information about card charge was returned as a reply to “charge” command.
In other words, the reply was received instantly. In the new version, this is no longer the case as after verifying the payment the user might not come back to your website and the payment would not be marked as completed. Instead, the webhook makes sure the website will receive payment confirmation.
This might sound like a lot of work but should not take you more than 10 minutes to do. The set-up is explained in the Stripe Integration Documentation in the section “Payment Confirmations and PSD2“.
You will also find a section on Live Confirm option. This is an option which will allow you to verify payment when the user is redirected from the authentication back to your site. It allows verifying payment without configuring webhooks but like i wrote earlier in some cases the user will not come back to your site after verification so the payment would need to be manually verified from the Stripe Dashboard.
Ideally, you should never rely on the Live Confirm and always have the webhook configured to receive payment confirmations.
The live confirm is handy if you are testing the integration on your localhost or if the website access is restricted some IPs only for example.