Easy Digital Downloads SCA update
Today, we’re announcing the beta of our initial wave of support for the Strong Customer Authentication (or SCA for short). This initial beta consists of support for the Stripe payment gateway.
Update: Stripe Gateway 2.7 and Recurring Payments 2.9 are officially released, offering SCA Support for Stripe payments.
I’m pleased to let you know that the following extensions have betas available that enable accepting payments that require SCA:
- Stripe Gateway 2.7 Beta 1
- Recurring Payments 2.9 Beta 1
So without further delay, here are the big changes coming in each of these releases
How to test beta releases
In order to help ensure the final release of these extensions go as smoothly as possible, we need your help testing this beta version.
Testing the beta is very simple. Simply log into your testing site that has Easy Digital Downloads with Stripe and/or Recurring Payments installed and activated and navigate to Downloads → Tools → Beta Versions and check the box for the extensions you want to allow beta testing for.
The beta update will now be available as a standard WordPress plugin update from your Plugins page, though it could take up to a few hours for the notification to appear. For further details you can view this documentation about enabling betas for extensions.
Note: we do not recommend you test the beta on a live site, please do all testing on a staging site. While we do our very best to not cause issues during updates, sometimes issues do slip through unnoticed, so having a staging / testing site is very important.
Stripe 2.7 Beta 1
SCA and PaymentIntents support
We’ve refactored our Stripe integration from the ground up to support this new platform that not only supports the Payment Intents API, but also complies with the SCA regulations. When required by their bank, the customer will be prompted with the SCA/3DS challenge prior to completing their purchase:
Inline card errors with Stripe
You’ve been asking for it, and finally, with the help of the Stripe Elements platform, customers who pay via credit card with Stripe will see inline card error messages that do not require a page refresh.
Important: If you’ve customized your checkout page to make changes to the Stripe card fields, please read the following paragraphs.
You may have noticed that the credit card fields have been changed quite a bit. Instead of three form fields for the card number, expiration date, and CVV, we have what looks like one form field. This is part of Stripe Elements, and is necessary for Stripe to work now.
If you have customized your checkout page, and unhooked our card fields with something like the following, you will need to remove this customization for the checkout and card management system to continue working.
remove_action( 'edd_stripe_new_card_form', 'edd_stripe_new_card_form' );
Stripe Checkout modal deprecation
As we covered in our initial post about SCA, Stripe has removed the ability to use the Stripe Checkout modal in this version of their API. While they do have a replacement Checkout system, it is no longer a modal and requires the customer to be redirected off your store in order to complete their purchase. Because this is such a large change in behavior, we chose not to simply move to the new Checkout, and instead redirect to the Easy Digital Downloads checkout page instead. In the future we are looking into a solution to reintroduce a ‘checkout-like’ feature that will give you the ability to use a modal once again.
PHP version requirements
Due to all the amazing new functionality that we’ve been provided via the Stripe v3 library, PaymentIntents, and the Elements checkout fields, it was necessary that we bump our PHP version requirement to PHP 5.6 or greater.
Other notable changes
- Users now have the ability to remove all cards from their account as well as add a new card, when they have no cards associated with their account.
- Store owners can now choose to only load the Stripe Javascript library when it is needed.
- A much improved experience with the billing address form.
- Updated to version 2019-08-14 of the Stripe API
Recurring Payments 2.9 Beta 1
As with Stripe, we needed to make some significant changes to our Recurring Payments extension to support SCA and the new Stripe API versions.
Mixed cart support for Stripe
Due to some changes in the way that Stripe payments are created for subscription purchases, it is now possible for customers who choose to checkout using Stripe to purchase a subscription and non-subscription product at the same time. For the mean-time, this feature is limited to when using Stripe at checkout.
Other notable changes
Most of the changes for this release are ‘behind-the-scenes’ changes. There are some other highlights that will likely be of interest for you though.
- Ability to change the text for the link to cancel a subscription.
- Admins can now configure and receive an email when a customer cancels a subscription.
- Fixed a bug that caused PayPal Pro/Express to sometimes handle each other’s IPN calls.
- Added a checkbox to allow cancelling a subscription when refunding a payment.
- Admins can now change the price ID a subscription is associated with, when the product has variable prices.
So what about other gateways?
PayPal Pro
We’ve recently started building out support for PayPal Pro, but at this time we do not have a working integration with Cardinal Commerce, the vendor we’ve chosen to work with. We eagerly await their continued support in helping us become SCA compliant with PayPal Pro.
Braintree
We have added Braintree to our list of gateways to support in the near future. At this time we are researching what it will take to get Braintree SCA support into Easy Digital Downloads, and will communicate when if and when it is ready.
Using WordPress and want to get Easy Digital Downloads for free?
Enter the URL to your WordPress website to install.
Disclosure: Our content is reader-supported. This means if you click on some of our links, then we may earn a commission. We only recommend products that we believe will add value to our readers.
Hi!
I have two very important question about this topic: a) will the plugins be updated in a final stage before Sept, 15th? b) What about active subscriptions? do they need to be updated with a new authentication?
Hey Marco,
The update will be fully released by the time by the 14th. We’ve been running this beta on our sites for nearly a week prior to launching the beta, in order to make sure things were working as expected.
As far as active subscriptions, they will not need to be re-processed with authentication, just new purchases.
Thanks for the timely update!
Is this required by Stripe to only have the one card field in their checkout to be SCA compliant? Is this a technical requirement or is it possible to use individual cardNumber, cardExpiry, and cardCvc fields as well?
Fwiw: I’d prefer having individual fields, with clear labels – not just placeholders, that vanish, once the customer starts typing into the field.
Again, thanks for the update!
Hi Haptiq,
At this time it is a limitation/requirement to have the single field. While there are ways to create individual fields with Stripe Elements, for complexity and being sure we could hit the deadline for SCA in time, we focused on the default and suggested format from Stripe.
I will look into ways we can improve the customization of the fields in a future release.
Hi Chris,
Betatesting here. The upgrade routine triggers this error:
Warning: call_user_func_array() expects parameter 1 to be a valid callback, function ‘edd_upgrades_screen’ not found or invalid function name in /usr/home/web/wp-includes/class-wp-hook.php on line 286
I sent you an email, not sure if you prefer another channel to do this.
It’s Thursday, on Saturday it has to work. You are releasing a Beta for a problem which you could know since months. This really a …
Not happy in any kind.
Hi Frank,
I understand your frustrations. I want to be clear, that we have been working on this for nearly a month and a half for EDD. For our other products as well. We’ve been working directly with Stripe on this to get not just our primary Stripe Gateway working, but also the recurring payments add-on, so that payments will continue to work after the September 14th deadline. I think it’s important to know that we’ve been in contact with Stripe for the last few months, working with their development team, understanding their new API and helping them improve their platform as well.
I’m sorry we’ve not been able to meet your satisfaction and apologize for not communicating with everyone earlier than the last two blog posts. Our primary goal was to have the continued support for Stripe SCA payments so our customer’s sites would not fail to meet the regulations, and that took time to get correct and working in a way we felt comfortable with it.
Thank for your answer. Now, we are working with the newest version. But, we made many “test-payments” with different cards from different banks and card holders , but no one had to authenticate. Is this normal? We tried with 6 different “German” bank cards which in other shops have to authenticate.
Thanks for your answer. Now, we are working with the newest version. But, we made many “test-payments” with different cards from different banks and card holders , but no one had to authenticate. Is this normal? We tried with 6 different “German” bank cards which in other shops have to authenticate.
Hi Chris
On 11. September you wrote you’re running this beta on your sites for nearly a week prior to launching the beta and afterwards you wrote that the update will be fully released by the time by the 14th.
Today is the 12. of September! I suppose I’m not the only one of your paying customers who runs an online shop with several thousand customers itself. Reading your post sounds like a bad joke. SCA has been known for 2 years, especially for you as a provider of online shop software. I can’t believe you to start beta testing only about one week and publishing an update one or two days before the final deadline. Why is that? Can I still assume that you are courageous in the interests of your customers?
When exactly will you provide the final update?
Kind regards, Ramona
Hi Ramona,
I can fully respect your frustrations and feelings like this. We should have done a better job communicating our entire process with our customers, informing them of our progress on the integration. As with many regulatory things like SCA, the plans for it were set in motion nearly 2 years ago. It took quite a while for the gateways to be ready to support it, some of them are just not supporting it. We worked directly with Stripe as they were one of the more vocal and developer friendly platforms that reached out to use to help us get our SCA compliance working. We finally got the support for SCA with Stripe in June when they updated their PHP Library to fully support SCA.
Once we had the updates we got to work, and started building out what is the betas you are looking at now. It was very important that we not just get Stripe SCA compliant but our recurring gateway as well. Releasing one without the other would have been unhelpful to our customers.
We always have the interests of our customers at the forefront of the things we’re doing, which is why we tested this in our live sites first, to make sure we could catch any bugs and not have failed payments on our customers’ site, worked directly with Stripe for the last 5 months so that we could offer a reliable SCA transition, and committed to having both our Recurring Payments and Stripe integration ready by the deadline, instead of just releasing Stripe support.
The development team at Sandhills put in a lot of work on all the SCA releases for all our products and I’m extremely proud of what they have built and how easy the transition has been.
We fully intend to release the final update later today, so please check back shortly.
Thanks for all your hard work! This was no easy task to pull off with such short notice. Can’t wait until 3.0 too, do you have a rough timeline?
@james,
Thank you! The team at Sandhills really put in the work for all of our products. As far as 3.0, we’re going to re-assess now that we’re able to get back to EDD Core development. We pulled all resources to get this first SCA release out.
Do you plan to add support for Stripe’s new Checkout? I know you’re talking about doing something like the old modal, but seems like supporting the new Checkout would be nice. I would prefer to use that than the payment fields in the checkout at the moment, to be honest.
@Eric
We do plan to try and implement some support for it. The main reason for not just swapping out the Checkout from v1 to v2 is primarily because they just are not the same experience.
There are some limitations with the new checkout however, that affect our recurring payments addon. For instance, you cannot purchase multiple subscriptions at the same time via the new checkout interface, so that causes a major hurdle in using it.
SCA still hasn’t been rolled out, right?
Do you plan to add support for Stripe’s new Chargeback Protection? I would be very much interested in this feature as I still get a decent amount of fraudulent payments despite Stripe’s Fraud Radar and your Fraud Monitor plugin. The disputes and fees are very frustrating and I would very much like avoid dealing with many more chargebacks. Thank you.
SCA has been rolled out.
The Chargeback protection from Stripe is only available when using the new Stripe Checkout feature, which we haven’t yet finished. It’s still on our todo list but there’s not an immediate timeframe for it.
Chargebacks are really frustrating. We deal with them as well.
Hi Chris,
Do you have any news on the Braintree gateway update perhaps that you mentioned in the article?
We have been getting messages from Braintree like this – “Our records show that you are using a legacy SDK version that is not compatible with an upcoming update to our root SSL certificate provider for API traffic on May 1, 2020.”
“If you do not update to a compatible SDK by May 1, you may not be able to process payments through your Braintree account until you make the necessary update.”
I reckon this would need to be updated in the Braintree EDD Addon to reflect their API changes?
could you shed some light on this please?
thanks
@petimi,
We actually released the Braintree SDK update prior to May 1st to allow for continued API interactions with the Braintree Gateway.
We’re now planning out the SCA integration and are in active development.