This article will take you through;
- What happens prior to the payment being authorised?
What is Strong Customer Authentication (SCA)?
Strong Customer Authentication (SCA) is an EU regulation that came into effect on September 14, 2019, it helps to fight fraud and make transactions even more secure. It changes how your customers authenticate online card payments. In some instances, your customers may be be asked to complete an extra step after the checkout process. SCA is driven by the client's bank, Glofox does not have control over when the authentication is required.
- A client can be asked to authorise a once time payment or a recurring payment. With recurring payments, the client may be asked to authorise either the first or a subsequent payment. This depends entirely on the client’s bank and it is not controlled by Glofox.
- Your clients will receive an email to authorise the payment. They will be asked to verify their identity with a push notification, a text message, or another method chosen by their bank.
- The link in the email that the client needs to authorise will expire, so it’s important that your client authorises the payment ASAP. Again this depends on the bank, and can expire anywhere between a few hours and a few days.
Authentication requests for one time or recurring card payments
As mentioned above, authentication requests are sporadic and are driven 100% by the client’s bank. The client can be asked to authorise different types of payments, for example:
- A one time payment e.g. a product purchase
- An initial subscription payment
- Any subsequent subscription payment
When a charge is processed, the client’s bank dictates whether the authentication is required. If it is required for the online card payment, the client will have to complete some additional steps after payment. The payment will show in your Glofox account as 'Awaiting authorisation'.
You can see payments needing authorisation in two places:
- The ‘Transaction’ list in Reports
- The ‘Transactions’ tab on the client profile
How your clients authenticate payments
Once the card payment is processed, the client receives an email. The email contains a link to the 3D Secure approval page. Your client must click ‘Authorise payment’. The link will expire, so it’s important that your client authorises the payment ASAP.
They will then be taken to a page to complete the authorisation. In most cases, these pages will show their bank's 3D Secure page in a pop-up but this depends on the bank that issued their card. They could also be asked to verify their identity with a push notification, a text message, or another method chosen by their bank.
The below video shows how the client will be asked to authorise a payment via email and the 3D secure pop-up:
What happens if your client cannot find the email?
If your client cannot find the email to authenticate, you can resend it to them from the ‘Transactions’ tab on the dashboard:
There is no limit to the number of times you can resend the email. If your client clicks 'Authorise' in the same email twice they will see a message letting them know they have already authorised this payment.
What happens prior to the payment being authorised?
Within Glofox, there are a few different scenarios depending on the membership type.
For unlimited memberships, the membership goes into an overdue state immediately and the client will not be able to book classes or access the gym/studio.
For all other membership types and credit packs, the membership will stay in an active state, meaning the client will be able to use their membership / credits towards class bookings and other services.
What happens if authorisation fails?
If authorisation fails, it can mean any of the following:
- The client didn’t authorise the payment on time and the link expired
- The client opted to ‘Fail authentication’
- The bank did not authorise the payment
Within Glofox, there are a few different scenarios for failed authorisation depending on the membership type.
For unlimited memberships, if the member fails to authorise before the email link expires, the payment will remain in a pending state and will not revert to a failed state. In this instance, if the member still wants to proceed with the transaction, you will need to cancel and resell the membership.
For all other membership types, if the member fails to authorise the payment before the email link expires, the membership will stay in an active state. In this instance, we recommend that you notify your client and take the outstanding payment via a custom charge.
Next steps and additional support
For more information on payment processing, follow the link below;
For additional support reach out to email@example.com and we will be happy to assist you.