New SCA-ready Payments System
09 Sep 2019
The Downtime Monkey payments system looks super simple but behind the scenes it's not trivial...
There are 12 Pro plans, each in over 130 currencies giving a total of more than 1500 different subscription plans.
There are options to upgrade or downgrade with pro-rata costs being calculated on the fly as well as options to change payment methods, auto renew and cancel subscriptions.
There are also one-time payments for 5 different bundles of SMS alerts, again in over 130 currencies with prices calculated in real time using current global exchange rates.
The system also handles tax laws in different countries, both for payments by individuals and businesses.
This took several months to develop in 2017 and we're proud to say it worked like clockwork. So when we learned that we'd have to redevelop the system to comply with new SCA regulations you can understand that we weren't overcome with enthusiasm...
What Is SCA?
We'll forgive you if this is the first you've heard of SCA - it's largely flown under the radar compared with the hype of, say, GDPR.
SCA is Strong Customer Authentication and it is soon to be required when taking online payments from customers in the EU.
In theory this means that customers will have to provide two of the following: something only they know (e.g. a pin code), something only they possess (e.g. a private key) or something which identifies who they are (e.g. a fingerprint).
In practice (unless you want to reinvent the wheel while simultaneously causing customers extra hassle) it means implementing "frictionless authentication" via 3D secure 2 or a similar auth process.
Why The Change?
The reasoning behind the new regulations is to reduce online fraud and increase payment security. A noble cause.
However, the work required for small businesses is considerable - it took a full two weeks for us to implement changes to our payment system. Being developers, we were lucky enough to be able to make the changes ourselves but for small businesses who need to hire developers costs would run to thousands.
Also, the system before worked well. To prevent fraud we make use of Stripe Radar, which leverages machine learning to prevent fraudulent payments going through. We also give each payment a 'human check' to make sure it looks legitimate. Using these safeguards there have been exactly zero fraudulent payments accepted at Downtime Monkey.
Further, if a fraudulent payment did get through the we'd be forced to pick up the bill and the card used would be refunded.
When Will Regulations Be Introduced?
Regulations were originally due to be introduced on Saturday 14th September, 2019. The plan was that after Saturday, payments from customers' cards that required authentication would be declined unless SCA was provided.
A wise man once said "the only thing that saves us from the bureaucracy is its inefficiency" and in this case he's been proved true...
Some last minute backtracking has taken place and enforcement of SCA has now be postponed by many national regulators. All countries that have responded have opted for a delay of up to 18 months - responses are still ongoing and the latest information can be found here.
New Payments System
Despite the announced delays we have gone ahead and updated the main payment pages on Downtime Monkey to be SCA compliant.
Both one-time payments and payments for new subscriptions have been updated.
We haven't yet updated pages for upgrades, downgrades or card changes because our payment processor doesn't have a good solution in place for this yet. We will make sure these are updated by the date of the new deadline (expected March 2021).
Will I Notice The Difference?
Almost entirely no... all Downtime Monkey payment pages look exactly the same as before and if you already have a subscription, payments will continue as normal.
A very small number of EU customers may have their card authenticated using 3D secure in one extra step at checkout although we don't expect to see this happen until March 2021.
We're now happy to be back working on some features that you will actually notice! Watch this space...
Website Monitoring Prices Compared
Scheduled Maintenance 17th June 2021
US Text Alerts Updated For 10DLC
A Quick Study Of Response Time
'Early-bird' Discount Ends November
Downtime Logs... All In One Place
The Effects Of COVID-19 Lockdowns
Lockdown Bugfixes & Midnight Coding
Monitoring URLs With Query Strings
New Pro Plans For EU Individuals
Free & Pro Monitoring Compared
Downtime Alerts: An Ideal Custom Setup
Server Upgrade & IP Address Change
Website Monitoring: Cheap vs Free
Website Content (Keyword) Monitoring
Cheap Website Monitoring Pro Plans
Server Upgrade Scheduled Completed
Whitelist Email Addresses in cPanel
Website Downtime Alerts To Slack
Whitelist Email Addresses: Thunderbird
Whitelist Email Addresses in Yahoo Mail
How we improved accessibility by 42%
Whitelist Email Addresses in Outlook
Whitelist Email Addresses In Gmail
Why Whitelist An Email Address?
When is a website considered down
Bulk import, edit and delete monitors
Privacy, democracy & bureaucracy
How Much Downtime is Acceptable?
Server Upgrade Scheduled Completed
Free Plan Upgraded to 60 Monitors
New Feature: Rate Limit SMS Alerts
How We Boosted Page Speed By 58%
How To Reduce Website Downtime
5 Tips for Website Internationalisation