Saturday, October 31, 2020
Text Size

News & Blog

Stripe for Joomla & VirtueMart: SCA and PSD 2, Questions and Answers

With the Strong Customer Authentication (SCA) deadline falling on Saturday, 14 September 2019, we received a lot of questions and enquiries from clients and prospective customers asking us for clarification on what to expect. The following explains this in some detail.

What are SCA, PSD2 regulations, 3D Secure 2?

Strong Customer Authentication (SCA) is part of the new requirements to authenticate online payments which will be introduced in Europe as part of the second Payment Services Directive (PSD2).

Currently, the most common way of authenticating an online card payment relies on 3D Secure—an authentication standard supported by the vast majority of European cards. Applying 3D Secure typically adds an extra step after the checkout, where the cardholder is prompted by their bank to provide additional information to complete a payment (e.g. a one-time code sent to their phone or fingerprint authentication through their mobile banking app).

3D Secure 2—the new version of the authentication protocol rolling out in 2019—will be the main method for authenticating online card payments and meeting the new SCA requirements. This new version introduces a better user experience that will help minimise some of the friction that authentication adds into the checkout flow.

See also:

What will happen to my website with the current plugin version (v2.2.6)?

Payments authenticated using 3D Secure v1 (3DS1) with the current version of our plugin are in compliance with Strong Customer Authentication (SCA).

Please make sure that in the settings in VirtueMart > Payment methods > (Stripe) > 3D Secure support is enabled.

We are in regular contact with Stripe, and they already confirmed that

« 3DS v1 will continue to work as it has, and as expected for any integration(s) using it. However, compared to functionality offered through 3DS2, 3DS1 has some disadvantages. »

See also:

Is the Puma-IT Stripe plugin for VirtueMart fully updated for 3D Secure version 2?

Short answer: not yet. We were aiming to release it this Summer, and we have made great progress! But not enough to release a major version of the plugin.

Yes, we are a bit under pressure. However we prefer to not provide a specific schedule, as the margin is tight. This is a very unusual kind of upgrade. We don’t want to rush it and create problems or headache for our clients. Also, it will probably require from us, more support time than usual for our subscribers.

In any case, all our current subscribers will be notified about any update. Public information will be communicated on this website as well as on social media. We will also provide extended assistance to our clients if needed.

What is 3D Secure 2?

The 3D Secure standard—often known by its branded names like Visa Secure, Mastercard Identity Check, or American Express SafeKey—aims to reduce fraud and provide added security to online payments. Beginning in late 2019, banks are expected to gradually start supporting a new version of 3D Secure.

3D Secure 2 (3DS2) introduces “frictionless authentication” and improves the purchase experience compared to 3D Secure 1. It’s expected to be the main card authentication method used to meet the upcoming Strong Customer Authentication (SCA) requirements in Europe and a key mechanism for businesses to request exemptions to SCA.

See also:

What are the benefits of 3D Secure v2?

Once our Stripe integration is updated, Stripe will dynamically start applying exemptions and authentication when required by the cardholder’s bank—taking into account each country’s enforcement timeline to minimise friction.

What to do if I have an older version of Puma-IT’s plugin Stripe for VirtueMart?

Our plugin supports 3D Secure (version 1) since January 2018 in its version 2.2.0. So we strongly suggest you update the plugin to the latest version.

If you have a plugin version prior to 2.2.0, then your VirtueMart e-Commerce website cannot support 3D Secure at all. In this case, we also recommend you update our plugin.

If your subscription has expired, then it’s easy: please login, and renew by simply navigating to My Subscriptions > Renew.

Strong Customer Authentication (SCA) Enforcement Date

This is the last update from (17 September 2019):

« Strong Customer Authentication requirements officially went into effect on 14 September 2019.

That said, the European Banking Authority published new guidance on 21 June 2019, which allows national regulators to postpone the SCA enforcement date for select banks and payment providers. »

I received an email from Stripe: They estimate that xx % of my yearly payments volume could be impacted by new Strong Customer Authentication (SCA). What should I do?

You may have received several emails from since this Spring, just like many of their customers, including us. Stripe are very good at communicating and educating their customers, developers, and partners. And their support is also excellent.

This is the latest email we received (10/09/2019):

« After announcements by many national regulators, we anticipate a phased enforcement of the new SCA requirements over the coming months. However, we do expect some European banks to start declining payments that aren't SCA-ready starting 14 September.

Our information shows that you still need to make changes to your Stripe integration in order to prepare for SCA and help avoid an increase in declines starting 14 September. »

If you have any specific question or issue, please contact them directly (details in the email received). You may also find answers here:

How can Puma-IT help me further?

At Puma-IT, we have a temporary solution for customers who will experience declines in payments before we release a new version. We also have practical, quick workarounds for our clients. So yes, we can help you!


Please rest assured that we will do everything we can to help you, our current clients, past subscribers, and all new customers!

Thanks to all our clients and subscribers for their trust and their patience on this special upgrade!

Comments powered by CComment

Prices shown without VAT unless explicitly stated otherwise. If you are an individual who resides in a member state of the European Union taxation territory or a business located in it which does not provide a valid VIES-registered VAT number during the subscription process you will be charged VAT at the main rate of your country in accordance to the European Directive 2011/83/EU and its incorporation into EU member states' local laws. Residents of Ireland and Irish businesses will always be charged 21% VAT *.
(*) A six-month reduction in the standard rate of Value-Added Tax (VAT) from 23% to 21% will apply, effective from 1 September 2020.

The Joomla! ® name is used under a limited license from Open Source Matters in the United States and other countries. Puma-IT is not affiliated with or endorsed by Open Source Matters or the Joomla! Project.

Popular Joomla Posts

Stripe for Joomla & VirtueMart: SCA and PSD 2, Questions and Answers

With the Strong Customer Authentication (SCA) deadline falling on Saturday, 14 September 2019, we received a lot of questions...

Official Launch: Ireland 2016 Family History

Official Launch: Ireland 2016 Family History
The Minister for Arts, Heritage, Regional, Rural and Gaeltacht Affairs, Heather Humphreys TD, is today...

eGovernment Award for

eGovernment Award for
The Promoting Ireland Overseas Award winner is!     We...

Waterfront Rest B&B independent Booking and Reservation solution, and connected with OTAs

Waterfront Rest B&B independent Booking and Reservation solution, and connected with OTAs
February 2017: Booking solution on B&B’s own website, French English bilingual, Featured backend software...

2017 Ireland eGovernment Awards

2017 Ireland eGovernment Awards
Two projects from our client, the Department of Arts, Heritage, Regional, Rural and Gaeltacht Affairs,...
  • 1
  • 2