Strong Customer Authentication: what it is and how it works


Rex
TEAM
Joined in Sep 2007

365 post(s)
March 30, 2021 (edited)
Strong Customer Authentication (SCA) aims to make online payments more secure for users and reduce fraud. It is part of the Payment Service Directive (PSD2) as enforced by the Financial Conduct Authority.

Services that take payments from the EU, Norway, Iceland and Liechtenstein (otherwise known as the European Economic Area, EEA), had to meet SCA regulation by 31 December 2020. In late 2019 the European Banking Authority (EBA) announced a delay to the enforcement of Strong Customer Authentication (SCA) for online card transactions as required by PSD2 regulation.

By March 14 2020 VISA has been mandating that all issuers enable their 3DS2.1 solution in Europe, meaning that issuers will be in the position to request Strong Customer Authentication for all card-not-present payments. We are fully expecting the volume of card declines for non-3DS2 authenticated payments to increase significantly from that date, especially for merchants that issuers consider to be high risk, which is why VISA is strongly encouraging all merchants to adopt 3DS2 by this date.

Totem relies solely on third parties to bill their customers. For your safety, we don't store or process our customer credit cards, but rely on VISA / Mastercard certified third parties to do it. Each of them is rolling out the new SCA regulations at their own pace, so depending on the payment processor you use, you might or might not be asked for 3DS2 today or in the near future.
cdub87
Joined in Apr 2008

397 post(s)
March 30, 2021
Great information. I think this would be great to be stickied and open up a Q&A in the regular section.
Darkness97
Joined in Nov 2019

66 post(s)
March 31, 2021 (edited)
Will this affect those of us using Paypal/Epoch?

What about those in the states?

If SCA is still used, what will show up if you use Paypal/Epoch?
Jackalnxt
Joined in Mar 2017

23 post(s)
March 31, 2021
Is this that thing where you need to input a static password and a dynamic password before completing the payment? We've had that for utility bills for quite a while now.
Stanston
Joined in Aug 2018

1010 post(s)
March 31, 2021 (edited)
@Jackalnxt
"where you need to input a static password and a dynamic password before completing the payment?"
There are several ways for Online Payment Solutions like for example

Two-Factor Authentication > https://authy.com/what-is-2fa/

or Dynamic Passwords - Enforcing Authentication

https://blog.bio-key.com/dynamic-password-enforcing-authentication-otp

https://www.unicreditbulbank.bg/en/individual-clients/bank-cards/additional-card-services/dynamic-password-online-payments/

But at the end this is all Content from the PSD2 Regulation.

I know for myself that the Content behind the Links is a lot of Stuff to read about it,
and if the PSD2 Regulation is really more secure, i don't know.

But i know one thing for sure, that Online Payment Methods are getting now more "slightly" complicated.
What brings more Security between the Companies and the Customers, can be a ***** in the Butt
for the one or the other single Individual.

I would like to give you an example. I'm Buying my Credits on iStripper via SofortBanking,
and it was always the case before as well.

My Bank provided myself the TANs for this via Paper list in the beginning, then later via SMS
and now they are ***** me to use an App for my Smartphone to fetch my TANs.

I have no longer the ability to receive my TANs via the regular SMS this is now over,
at least on my current Bank.

The Reason for this is, that the App is transferring the TAN Encrypted inside the App.
It is indeed more secure but it is more or less a little bit more complicated.
Because now i need a second separated Password for the App on my Smartphone,
beside my separate Password for my Bank Account.

The Funny thing is, my Bank is still providing the TANs via Paper list, so if i want them
i have to get them inside my Bank from an Employee there,
including an Autograph and Liability for it, but understandable of course.

If i would choose these List method again they will delete all my Account Data from the App
(which is Understandable), and if i would go back to the App again,
i have to make the whole Registration procedure for the App again inside my Bank
with an Employee again ... At least this is what they were telling me.

So ya, it makes things more secure, but also slightly more complicated. But like i was saying
this is all Content from the PSD2 Regulation from the EU.
So you should at least follow the Wikipedia Link which i provided earlier.

And just in case someone is misleading something, Totem has nothing to do with it.
But they have to follow these Regulations,
like every other Company which is providing an Online Payment Service.
Stanston
Joined in Aug 2018

1010 post(s)
March 31, 2021
Here is something more for the users from Germany who have not yet looked into the topic
in more depth, which may well be the case :)

Heise Online should be known to most, and in the past there have been various articles
in the CT magazine, and also on their YouTube channel.

https://www.youtube.com/channel/UCAszOEwa5CS4WFwYpkjdaUQ/search?query=psd2

The first video on this was already published in 2018,

https://www.youtube.com/watch?v=UF4KnynXbW0

I hope it helps someone shed a little light on the matter.
Jackalnxt
Joined in Mar 2017

23 post(s)
April 1, 2021
@Stanston

Yeah, that's what I figured. It is indeed a bit of a ***** at first, but I won't oppose steps to prevent fraud.

I just hope the payment method is straightforward, and not like my Water Utility bills where I have to navigate menus for half an hour in order to pay a 1,50 Euro water bill.
Stanston
Joined in Aug 2018

1010 post(s)
April 1, 2021
"but I won't oppose steps to prevent fraud."
I think this is always a smart move @Jackalnxt but i still don't get over it,
that my Bank is telling me that the TAN Paper List is totally insecure now,
but it is still accessible to me, if i want them LOL!

But i guess i don't have to Understand everything and i also could imagine that this method
is at some point not available any more like that TAN transfer method via SMS.
"I just hope the payment method is straightforward"
As far as i can tell, the current method with my Banking App is working pretty good.
The only thing which i have to do is to open up and Login to it, before i'm starting
the Transaction process in my Webbrowser to Buy Credits for iStripper.

And in my Opinion which is pretty convenient, i'm seeing the Transaction
almost immediately after the Transaction on my Bank Account.

That's how it's done 👍

So the transitional phase for the Deadline for PSD2 is now over,
now it's to the Companies/Payment Providers how they can handle with the new Situation.

Possible Complications not excluded ... yet.
sightseeing
Joined in Sep 2018

8 post(s)
April 2, 2021
more safety often comes along with reduced comfort. it will take some time to get used to new payment procedures. i already activated 3d secure but was never asked for it so far. i can see that epoch offers EPS payment - probably i will make use of that option more in future.
cdub87
Joined in Apr 2008

397 post(s)
April 8, 2021
Will this have any effect on US payments? I know my Bank already flags my over seas transactions for review. It was bad at the beginning. Total account lockdown with me having to call the bank to review and make sure everything was legit.
HansSachs
Joined in Mar 2016

949 post(s)
April 8, 2021 (edited)
"Will this have any effect on US payments?"
I think it eventually will take a benefit to all: if there is a strong authentication on, and so there can not be any doubts about the person who made a transaction, there will therefore be no need anymore for a bank to flag a transaction as suspicious and/or block it.
During the process of implementation and stabilization of such a new technology, though, there could temporarily be even more issues for the customers...
goodwolf
Joined in May 2011

234 post(s)
April 8, 2021
until hackers target your phone and stealing the codes without you knowing that some apps do that already in background :(
Stanston
Joined in Aug 2018

1010 post(s)
April 8, 2021
@goodwolf
"until hackers target your phone and stealing the codes without you knowing
that some apps do that already in background :("
That is indeed the other Downside of this method for sure,
but 100% Security is in Fact a Placebo as well in our connected World.

Except you are disconnecting all your Devices from the Network 😜

But in my case i'm only using this Banking App as my only Third Party App.
Everything else on my Phone is Vanilla, because even it's a Smartphone
where you can Surf, WhatsApp, and Photos and all that Fun Stuff.
I'm just using it for only one purpose ... Phoning :)

But at the end, the biggest Security Issue for a connected internet capable Device,
is still the Enduser itself 😎
Darkness97
Joined in Nov 2019

66 post(s)
April 9, 2021
What about Paypal Cash Cards, where you can store money on them to make a purchase later? Is it possible to still use this method or will bank still send notification I wonder? Or is this even possible to use with iStripper anyway? Someone on here I thought, brought the idea up to me at one point.

Issue I have, is with having a bank account that is shared with others. I worry that even if I tie it to my phone, and flag it as okay, the others on that account may receive a notification or request of the transaction. :\
Stanston
Joined in Aug 2018

1010 post(s)
April 9, 2021 (edited)
@Darkness97
"What about Paypal Cash Cards, where you can store money on them to make a purchase later?"
Paypal has its own Terms and Conditions because they are only another Third Party Payment Provider.
So i think the Team here can't Answer these Questions, but follow this Link

https://www.paypal.com/us/webapps/mpp/home

and scroll all the way to the bottom, there are some useful Links for you.

As far as i can tell, if you Purchase a Paypal Cash Card, your Transaction should be recorded
on your Paypal Account, so usually it "should be" no Problem.

But like i was saying, make Contact with the Customer Support from Paypal to bring clarification for yourself.
"Issue I have, is with having a bank account that is shared with others.
I worry that even if I tie it to my phone, and flag it as okay,
the others on that account may receive a notification or request of the transaction. :\"
This is also something which you have to clarify with your Bank as well.

I have an Idea for you, make yourself some Coffee, because the Video has almost an hour Runtime,
but maybe it helps you. > https://www.youtube.com/watch?v=vvVF72Mbjnk
stefnev1
MODERATOR
Joined in Jul 2008

4455 post(s)
April 11, 2021
Just for your information :
I've bought some credits with the software, using Netbilling as the payment processor and my Visa card. I just had to authenticate myself with my bank's app on my smartphone to validate the transaction. Easy and safe method.
CasinoGuy
Joined in Nov 2010

18 post(s)
April 11, 2021
Thanks for the information Rex!
goodwolf
Joined in May 2011

234 post(s)
April 15, 2021
EPOCH is unprepared for the job, not even asking the codes just rejecting straight.
NETBilling worked.
