Strong Customer Authentication

Frequently Asked Questions

Please read through the important information below regarding the Strong Customer Authentication regulation being introduced on 14 September 2019.

1. What is Strong Customer Authentication?

Strong Customer Authentication (SCA) is a new European requirement created to reduce fraud and make online payments more secure. From 14 September 2019, when an individual with a card issued in the European Economic Area (EEA) makes a payment online, extra levels of authentication will be required at the time of the transaction. As fraud methods are constantly changing, the aim of SCA is to reduce fraud, provide added security to online payments, and act as a “frictionless authentication,” improving the donation experience and providing security against the emergence of new online payment threats.

SCA applies to donations and paid event registrations, memberships or sponsorships, and any other online payments.

Failure to adhere to SCA will result in the rejection of donations by financial institutions across the European Economic Area (EEA).

2. What changes will this require?

In the past, supporters could simply enter their card number and a CVC verification code, but with the revised EU Payment Services Directive (PSD2), more information will be required at the time of payment. A new specification, 3D Secure 2.0, has been introduced to make it easier to collect SCA information at the time of the transaction. From 14 September onward, authentication must include two or more of the following:

  • Something you know, such as a password or secret fact
  • Something you own, such as a mobile phone or token
  • Something you are, such as a fingerprint or voice pattern

Whilst the number of required data points is increasing, more customer choice should mean better authentication experiences and fewer drop-offs!

SCA also involves ensuring that the data points collected dynamically link the transaction to the amount specified by the donor when initiating the transaction.

[Figure: SCA diagram]

3. Are any organisations exempt from the changes?

Those transactions where the card issuer is not based in Europe are exempt. Certain low value and low risk transactions will also be exempt from SCA, as will recurring transactions with a fixed amount (from the second transaction onwards).

Whilst the regulation directly affects EU organisations, some European banks may require SCA for organisations outside of Europe when transacting with their customers. Furthermore, it is expected that most banks around the world will adopt the new standards over time. Note that we do expect SCA regulation to be enforced in the UK, regardless of the outcome of Brexit.

4. What is Blackbaud doing in response?

Blackbaud is committed to ensuring that its solutions are not only compliant with this new regulation, but also deliver great experiences for supporters.

For example, Blackbaud Checkout provides a fully mobile-responsive, dynamic and secure payment journey that will be SCA-ready and designed with your constituents in mind. We have already added this new checkout experience onto several forms, and will enhance further features across the latest versions of our digital solutions over the coming months.

5. How is my Blackbaud solution affected?

If you use one or more of eTapestry, Online Express, Blackbaud NetCommunity, Blackbaud Internet Solutions, Luminate Online, TeamRaiser, JustGiving, everydayhero, or the Payments API today, then we will update you in the next few weeks with the specific SCA details for your product(s), including any key timelines for releases, what you may need to do to implement these regulatory changes, and the support and services available should you need them.

6. Which payment gateway will support Strong Customer Authentication?

Blackbaud will support SCA in Blackbaud Merchant Services (BBMS) via Blackbaud Checkout. BBMS is our end-to-end payment processing solution and the one chosen by nearly all customers. If your organisation uses a third-party gateway, you will need to transition your online forms to BBMS in advance of the 14 September deadline. More details on when and how you can do this in your Blackbaud solution will be provided here soon.

7. Why is Blackbaud focusing effort on BBMS rather than other payment gateways?

Support for the Strong Customer Authentication (SCA) regulations requires considerable development effort. Given the scope of the work to be compliant with SCA, we are focusing our efforts on getting the primary payments platform used by the vast majority of our clients updated quickly and implementing changes in each of our solutions to support these new requirements.

By focusing that effort on BBMS — which was created specifically for the social good community — we can help you adhere to the requirements while providing your constituents with a seamless payment experience. This experience includes value-added features, such as digital wallets, online fraud protection, payments API, credit card updater, point-to-point encryption, simple reconciliation, one call for all payment & application support, and soon direct debit (BACS) transaction processing. It also includes integration with Blackbaud software that is not available through other payment gateways.

The innovations available from BBMS now — and those featured on our product roadmap — will protect your constituents and ultimately allow your organisation to enhance fundraising.

8. I am not using BBMS in my Blackbaud solutions, how should I best prepare?

Move to Blackbaud Merchant Services (BBMS) and Blackbaud Checkout to ensure your transactions continue to process. If you continue to use a third-party gateway, we expect that card issuers will decline those transactions beginning 14 September 2019. To learn more about BBMS, please visit

9. How do I find out more?

Please look for further information from Blackbaud in your inbox over the coming weeks. We will also post updates at

10. How do I learn more about my specific Blackbaud products?

If you own a Blackbaud product, please click on the links below to find out more on how a specific product may be impacted