All European Economic Area (EEA)-based businesses charging cards online that were also issued in the EEA are required to comply with SCA and could see increased declines if their Stripe checkout process does not include an authentication step as required by SCA rules, which is available via Stripe Checkout or the Payment Intents API.
The UK Financial Conduct Authority (FCA) has released guidance that in the event of a no-deal Brexit, SCA enforcement will be implemented as planned. See our Q&A on Strong Customer Authentication (SCA) enforcement date for the most current details on timing.
Businesses based outside the EEA are considered out of scope of and should see minimal impact due to SCA. Transactions generated from businesses outside of the EEA are considered a one-leg transactions and therefore not subject to SCA rules.
Some European card issuers might choose to decline one-leg transactions, but based on recent discussions with banks in Europe, we expect that this will be uncommon.
If you are concerned about declines on one-leg transactions, you can consider integrating Stripe Checkout or the Payment Intents API to prepare. If you are using 3D Secure (3DS) on Sources, you can update your logic to require authentication for EU-based cardholders.
While requiring an authentication step can potentially introduce friction that might end in incomplete/lost sales, if you upgrade to Stripe Checkout or the Payment Intents API, you can take advantage of 3D Secure 2 which introduces frictionless authentication that is not available/possible with 3D Secure using Sources.
If you are a Connect platform not in the EEA, see: Strong Customer Authentication (SCA) for Destination Charges Created by Non-European Economic Area (EEA) Platform for EEA-Based Connected Account and EEA-Based Customer
United Kingdom and Brexit: Stripe expects that SCA will still apply to UK-based business and cardholders even in the event of a no-deal Brexit when the UK FCA begins enforcing SCA in September 2021. Additionally, UK merchants are already seeing declines from partial enforcement in other EEA countries
Strong Customer Authentication (SCA) Dashboard, Preparation, and Resources