Skip to main content

Easy Digital Downloads SCA update

Strong Customer Authentication and EDD

Today, we’re announcing the beta of our initial wave of support for the Strong Customer Authentication (or SCA for short). This initial beta consists of support for the Stripe payment gateway.

Update: Stripe Gateway 2.7 and Recurring Payments 2.9 are officially released, offering SCA Support for Stripe payments.

I’m pleased to let you know that the following extensions have betas available that enable accepting payments that require SCA:

  • Stripe Gateway 2.7 Beta 1
  • Recurring Payments 2.9 Beta 1

So without further delay, here are the big changes coming in each of these releases

How to test beta releases

In order to help ensure the final release of these extensions go as smoothly as possible, we need your help testing this beta version.

Testing the beta is very simple. Simply log into your testing site that has Easy Digital Downloads with Stripe and/or Recurring Payments installed and activated and navigate to Downloads → Tools → Beta Versions and check the box for the extensions you want to allow beta testing for.

The beta update will now be available as a standard WordPress plugin update from your Plugins page, though it could take up to a few hours for the notification to appear. For further details you can view this documentation about enabling betas for extensions.

Note: we do not recommend you test the beta on a live site, please do all testing on a staging site. While we do our very best to not cause issues during updates, sometimes issues do slip through unnoticed, so having a staging / testing site is very important.

Stripe 2.7 Beta 1

SCA and PaymentIntents support

We’ve refactored our Stripe integration from the ground up to support this new platform that not only supports the Payment Intents API, but also complies with the SCA regulations. When required by their bank, the customer will be prompted with the SCA/3DS challenge prior to completing their purchase:

An example of a test payment made with the SCA challenge.

Inline card errors with Stripe

You’ve been asking for it, and finally, with the help of the Stripe Elements platform, customers who pay via credit card with Stripe will see inline card error messages that do not require a page refresh.

Stripe Elements will now show card based errors inline, without a page refresh.

Important: If you’ve customized your checkout page to make changes to the Stripe card fields, please read the following paragraphs.

You may have noticed that the credit card fields have been changed quite a bit. Instead of three form fields for the card number, expiration date, and CVV, we have what looks like one form field. This is part of Stripe Elements, and is necessary for Stripe to work now.

If you have customized your checkout page, and unhooked our card fields with something like the following, you will need to remove this customization for the checkout and card management system to continue working.

remove_action( 'edd_stripe_new_card_form', 'edd_stripe_new_card_form' );

Stripe Checkout modal deprecation

As we covered in our initial post about SCA, Stripe has removed the ability to use the Stripe Checkout modal in this version of their API. While they do have a replacement Checkout system, it is no longer a modal and requires the customer to be redirected off your store in order to complete their purchase. Because this is such a large change in behavior, we chose not to simply move to the new Checkout, and instead redirect to the Easy Digital Downloads checkout page instead. In the future we are looking into a solution to reintroduce a ‘checkout-like’ feature that will give you the ability to use a modal once again.

PHP version requirements

Due to all the amazing new functionality that we’ve been provided via the Stripe v3 library, PaymentIntents, and the Elements checkout fields, it was necessary that we bump our PHP version requirement to PHP 5.6 or greater.

Other notable changes

  • Users now have the ability to remove all cards from their account as well as add a new card, when they have no cards associated with their account.
  • Store owners can now choose to only load the Stripe Javascript library when it is needed.
  • A much improved experience with the billing address form.
  • Updated to version 2019-08-14 of the Stripe API

Recurring Payments 2.9 Beta 1

As with Stripe, we needed to make some significant changes to our Recurring Payments extension to support SCA and the new Stripe API versions.

Mixed cart support for Stripe

Due to some changes in the way that Stripe payments are created for subscription purchases, it is now possible for customers who choose to checkout using Stripe to purchase a subscription and non-subscription product at the same time. For the mean-time, this feature is limited to when using Stripe at checkout.

Other notable changes

Most of the changes for this release are ‘behind-the-scenes’ changes. There are some other highlights that will likely be of interest for you though.

  • Ability to change the text for the link to cancel a subscription.
  • Admins can now configure and receive an email when a customer cancels a subscription.
  • Fixed a bug that caused PayPal Pro/Express to sometimes handle each other’s IPN calls.
  • Added a checkbox to allow cancelling a subscription when refunding a payment.
  • Admins can now change the price ID a subscription is associated with, when the product has variable prices.

So what about other gateways?

PayPal Pro

We’ve recently started building out support for PayPal Pro, but at this time we do not have a working integration with Cardinal Commerce, the vendor we’ve chosen to work with. We eagerly await their continued support in helping us become SCA compliant with PayPal Pro.

Braintree

We have added Braintree to our list of gateways to support in the near future. At this time we are researching what it will take to get Braintree SCA support into Easy Digital Downloads, and will communicate when if and when it is ready.

Chris Klosowski

About Chris Klosowski

Chris Klosowski is the CTO at Sandhills Development, and leads development for Easy Digital Downloads.

@cklosowski

11 comments

  1. Chris Klosowski

    Hi!
    I have two very important question about this topic: a) will the plugins be updated in a final stage before Sept, 15th? b) What about active subscriptions? do they need to be updated with a new authentication?

    1. Chris Klosowski

      Hey Marco,

      The update will be fully released by the time by the 14th. We’ve been running this beta on our sites for nearly a week prior to launching the beta, in order to make sure things were working as expected.

      As far as active subscriptions, they will not need to be re-processed with authentication, just new purchases.

  2. Chris Klosowski

    Thanks for the timely update!

    Is this required by Stripe to only have the one card field in their checkout to be SCA compliant? Is this a technical requirement or is it possible to use individual cardNumber, cardExpiry, and cardCvc fields as well?

    Fwiw: I’d prefer having individual fields, with clear labels – not just placeholders, that vanish, once the customer starts typing into the field.

    Again, thanks for the update!

    1. Chris Klosowski

      Hi Haptiq,

      At this time it is a limitation/requirement to have the single field. While there are ways to create individual fields with Stripe Elements, for complexity and being sure we could hit the deadline for SCA in time, we focused on the default and suggested format from Stripe.

      I will look into ways we can improve the customization of the fields in a future release.

  3. Chris Klosowski

    Hi Chris,

    Betatesting here. The upgrade routine triggers this error:

    Warning: call_user_func_array() expects parameter 1 to be a valid callback, function ‘edd_upgrades_screen’ not found or invalid function name in https://s8333.pcdn.co/usr/home/web/wp-includes/class-wp-hook.php on line 286

    I sent you an email, not sure if you prefer another channel to do this.

  4. Chris Klosowski

    It’s Thursday, on Saturday it has to work. You are releasing a Beta for a problem which you could know since months. This really a …

    Not happy in any kind.

    1. Chris Klosowski

      Hi Frank,

      I understand your frustrations. I want to be clear, that we have been working on this for nearly a month and a half for EDD. For our other products as well. We’ve been working directly with Stripe on this to get not just our primary Stripe Gateway working, but also the recurring payments add-on, so that payments will continue to work after the September 14th deadline. I think it’s important to know that we’ve been in contact with Stripe for the last few months, working with their development team, understanding their new API and helping them improve their platform as well.

      I’m sorry we’ve not been able to meet your satisfaction and apologize for not communicating with everyone earlier than the last two blog posts. Our primary goal was to have the continued support for Stripe SCA payments so our customer’s sites would not fail to meet the regulations, and that took time to get correct and working in a way we felt comfortable with it.

  5. Chris Klosowski

    Hi Chris

    On 11. September you wrote you’re running this beta on your sites for nearly a week prior to launching the beta and afterwards you wrote that the update will be fully released by the time by the 14th.
    Today is the 12. of September! I suppose I’m not the only one of your paying customers who runs an online shop with several thousand customers itself. Reading your post sounds like a bad joke. SCA has been known for 2 years, especially for you as a provider of online shop software. I can’t believe you to start beta testing only about one week and publishing an update one or two days before the final deadline. Why is that? Can I still assume that you are courageous in the interests of your customers?

    When exactly will you provide the final update?

    Kind regards, Ramona

    1. Chris Klosowski

      Hi Ramona,

      I can fully respect your frustrations and feelings like this. We should have done a better job communicating our entire process with our customers, informing them of our progress on the integration. As with many regulatory things like SCA, the plans for it were set in motion nearly 2 years ago. It took quite a while for the gateways to be ready to support it, some of them are just not supporting it. We worked directly with Stripe as they were one of the more vocal and developer friendly platforms that reached out to use to help us get our SCA compliance working. We finally got the support for SCA with Stripe in June when they updated their PHP Library to fully support SCA.

      Once we had the updates we got to work, and started building out what is the betas you are looking at now. It was very important that we not just get Stripe SCA compliant but our recurring gateway as well. Releasing one without the other would have been unhelpful to our customers.

      We always have the interests of our customers at the forefront of the things we’re doing, which is why we tested this in our live sites first, to make sure we could catch any bugs and not have failed payments on our customers’ site, worked directly with Stripe for the last 5 months so that we could offer a reliable SCA transition, and committed to having both our Recurring Payments and Stripe integration ready by the deadline, instead of just releasing Stripe support.

      The development team at Sandhills put in a lot of work on all the SCA releases for all our products and I’m extremely proud of what they have built and how easy the transition has been.

      We fully intend to release the final update later today, so please check back shortly.

  6. Chris Klosowski

    Thanks for all your hard work! This was no easy task to pull off with such short notice. Can’t wait until 3.0 too, do you have a rough timeline?

    1. Chris Klosowski

      @james,

      Thank you! The team at Sandhills really put in the work for all of our products. As far as 3.0, we’re going to re-assess now that we’re able to get back to EDD Core development. We pulled all resources to get this first SCA release out.

Leave a Reply

Your email address will not be published. Required fields are marked *

Read our latest blog post:
Easy Digital Downloads SCA update