What Is Strong Customer Authentication
Strong Customer Authentication (SCA) is a requirement introduced on September 14, 2019 as part of the PSD2 regulation in Europe. SCA requires European businesses to add an extra layer of identity verification when customers make online payments, using a method called 3D Secure 2. Transactions that do not comply with SCA requirements may be declined by a customer's bank. For details on the SCA enforcement timeline by country, see the Stripe SCA enforcement timeline by country.
Frequently Asked Questions
Does my business need to comply with Strong Customer Authentication?
SCA compliance applies to businesses located in the European Economic Area (EEA) that accept payments from European customers. If your business is based outside of Europe but accepts payments from customers in the EEA, check with your payment processor to determine whether SCA applies to your specific situation.
Is Keap ready to handle SCA-compliant transactions?
Yes. As of December 17, 2020, Keap supports SCA-compliant transactions through 3D Secure 2 when using Stripe. Businesses that need SCA compliance can also use PayPal Smart Payment Buttons in both Keap and Max Classic, because payments made through PayPal Smart Payment Buttons automatically include the required 3D Secure 2 authentication.
What if I am not using Stripe?
If your business requires SCA compliance and you are not currently using Stripe, migrating your payments to Stripe is the recommended path to become SCA-compliant. Once you are on Stripe, 3D Secure 2 is available with no additional setup required.
When should I move my payments to Stripe?
If your business requires SCA compliance, migrating to Stripe before the SCA enforcement deadline in your country ensures your payments will not be declined. Check the Stripe SCA enforcement timeline to confirm the specific deadline that applies to your country and customer base.
I am getting SCA warnings from my payment processor — what should I do?
If you are receiving SCA warnings from your current payment processor, review the Stripe SCA enforcement timeline to understand how your country and customers are affected. If your business requires SCA compliance, migrate your payments to Stripe to resolve the warnings and ensure future transactions are processed without issues.
What is 3D Secure 2?
3D Secure 2 is the authentication method used to comply with Strong Customer Authentication requirements. When a European customer makes a payment that requires additional verification, 3D Secure 2 presents an authentication flow directly within the payment experience — typically as a modal window — so the customer can verify their identity without being redirected away from your checkout. The specific authentication method depends on the customer's bank and may include a one-time passcode, biometric verification, or another approved method. For a technical overview, see the Stripe guide to 3D Secure 2 and Strong Customer Authentication.
What do I need to do to enable 3D Secure 2?
If you are already using Stripe as your payment processor, 3D Secure 2 is enabled automatically — no additional setup is required. If you are not yet using Stripe, migrate your payments to Stripe to gain access to 3D Secure 2 and SCA compliance.
What does the 3D Secure 2 checkout experience look like for my customers?
When a customer makes a payment that requires 3D Secure 2 authentication, the checkout process follows these three steps:
- Initiate the payment — The customer fills in their card details and submits the checkout form to initiate the payment as they normally would.
- Dynamic authentication check — The payment processor detects whether additional authentication is required for this transaction. If authentication is required, a 3D Secure 2 authentication flow is presented to the customer in a modal window within the checkout page. The authentication method varies by bank and may include a one-time passcode sent to the customer's phone, biometric verification, or another method approved by the customer's bank.
- Complete the payment — Once the customer's identity is confirmed through the 3D Secure 2 flow, the card is charged and the transaction completes.
Will every transaction require additional authentication through 3D Secure 2?
No. Some low-risk transactions may be exempted from the additional authentication step under SCA rules. When processing a payment through Stripe, Stripe can request an SCA exemption on your behalf for eligible low-risk transactions. The customer's bank then evaluates the transaction risk and decides whether to approve the exemption — allowing the payment to proceed without the additional authentication step — or whether authentication is still required.
Using SCA exemptions for eligible low-risk transactions reduces authentication friction for your customers without compromising compliance. For more information on how Stripe handles SCA exemptions, see the Stripe guide to Strong Customer Authentication and exemptions.