All businesses based in the European Economic Area (EEA) that charge cards online (which were also issued in the EEA) are required to comply with SCA. These businesses could see increased declines if their Stripe checkout process does not include an authentication step as required by SCA rules, which is available via Stripe Checkout or the Payment Intents API.
The UK Financial Conduct Authority (FCA) has released guidance that in the event of a no-deal Brexit, SCA enforcement will be implemented as planned. See our Q&A on the Strong Customer Authentication (SCA) enforcement date for the most up-to-date details on timing.
Businesses based outside the EEA are considered to be out of scope and should see minimal impact due to SCA. Transactions generated from businesses outside the EEA are considered to be one-leg transactions and are therefore not subject to SCA rules.
Some European card issuers might choose to decline one-leg transactions, but based on recent discussions with banks in Europe, we expect that this will be uncommon.
If you are concerned about declines on one-leg transactions, you can consider integrating Stripe Checkout or the Payment Intents API to prepare. If you are using 3D Secure (3DS) on Sources, you can update your logic to require authentication for EU-based cardholders.
While requiring an authentication step can potentially introduce friction that might end in incomplete or lost sales, if you upgrade to Stripe Checkout or the Payment Intents API, you can take advantage of 3D Secure 2, which introduces frictionless authentication that is not available or indeed possible with 3D Secure using Sources.
If you are a Connect platform and not based in the EEA, see: Strong Customer Authentication (SCA) for destination charges created by non-European Economic Area (EEA) platforms for EEA-based connected accounts and EEA-based customers
United Kingdom and Brexit: Stripe expects that SCA will still apply to UK-based business and cardholders, even in the event of a no-deal Brexit, when the UK FCA begins enforcing SCA in September 2021. In addition, UK merchants are already seeing declines from partial enforcement in other EEA countries.
Strong Customer Authentication (SCA) dashboard, preparation and resources