New SCA-ready Payments System

09 Sep 2019

The Downtime Monkey payments system looks super simple but behind the scenes it's not trivial...

  There are 12 Pro plans, each in over 130 currencies giving a total of more than 1500 different subscription plans.

  There are options to upgrade or downgrade with pro-rata costs being calculated on the fly as well as options to change payment methods, auto renew and cancel subscriptions.

  There are also one-time payments for 5 different bundles of SMS alerts, again in over 130 currencies with prices calculated in real time using current global exchange rates.

  The system also handles tax laws in different countries, both for payments by individuals and businesses.

This took several months to develop in 2017 and we're proud to say it worked like clockwork. So when we learned that we'd have to redevelop the system to comply with new SCA regulations you can understand that we weren't overcome with enthusiasm...

climbing the code mountain

What Is SCA?

We'll forgive you if this is the first you've heard of SCA - it's largely flown under the radar compared with the hype of, say, GDPR.

SCA is Strong Customer Authentication and it is soon to be required when taking online payments from customers in the EU.

In theory this means that customers will have to provide two of the following: something only they know (e.g. a pin code), something only they possess (e.g. a private key) or something which identifies who they are (e.g. a fingerprint).

In practice (unless you want to reinvent the wheel while simultaneously causing customers extra hassle) it means implementing "frictionless authentication" via 3D secure 2 or a similar auth process.

Why The Change?

The reasoning behind the new regulations is to reduce online fraud and increase payment security. A noble cause.

However, the work required for small businesses is considerable - it took a full two weeks for us to implement changes to our payment system. Being developers, we were lucky enough to be able to make the changes ourselves but for small businesses who need to hire developers costs would run to thousands.

Also, the system before worked well. To prevent fraud we make use of Stripe Radar, which leverages machine learning to prevent fraudulent payments going through. We also give each payment a 'human check' to make sure it looks legitimate. Using these safeguards there have been exactly zero fraudulent payments accepted at Downtime Monkey.

Further, if a fraudulent payment did get through the we'd be forced to pick up the bill and the card used would be refunded.

When Will Regulations Be Introduced?

Regulations were originally due to be introduced on Saturday 14th September, 2019. The plan was that after Saturday, payments from customers' cards that required authentication would be declined unless SCA was provided.

A wise man once said "the only thing that saves us from the bureaucracy is its inefficiency" and in this case he's been proved true...

Some last minute backtracking has taken place and enforcement of SCA has now be postponed by many national regulators. All countries that have responded have opted for a delay of up to 18 months - responses are still ongoing and the latest information can be found here.

New Payments System

Despite the announced delays we have gone ahead and updated the main payment pages on Downtime Monkey to be SCA compliant.

Both one-time payments and payments for new subscriptions have been updated.

We haven't yet updated pages for upgrades, downgrades or card changes because our payment processor doesn't have a good solution in place for this yet. We will make sure these are updated by the date of the new deadline (expected March 2021).

Will I Notice The Difference?

Almost entirely no... all Downtime Monkey payment pages look exactly the same as before and if you already have a subscription, payments will continue as normal.

A very small number of EU customers may have their card authenticated using 3D secure in one extra step at checkout although we don't expect to see this happen until March 2021.

We're now happy to be back working on some features that you will actually notice! Watch this space...

All Posts

 Website Monitoring Prices Compared

 Scheduled Maintenance 17th June 2021

 US Text Alerts Updated For 10DLC

 A Quick Study Of Response Time

 'Early-bird' Discount Ends November

 Downtime Logs... All In One Place

 Timestamps On Downtime Alerts

 Stats At A Glance

 The Effects Of COVID-19 Lockdowns

 Lockdown Bugfixes & Midnight Coding

 Greatly Reduced Server Loads

 Monitoring URLs With Query Strings

 New Year's Carbon Offsetting

 Keeping Your Web Host Honest

 New Pro Plans For EU Individuals

 New Downtime Alert Options

 New SMS Provider for the US

 Free & Pro Monitoring Compared

 New SCA-ready Payments System

 Global Website Monitoring

 Downtime Alerts: An Ideal Custom Setup

 Server Upgrade & IP Address Change

 Website Monitoring: Cheap vs Free

 Improvements & Bugfixes

 Website Content (Keyword) Monitoring

 Cheap Website Monitoring Pro Plans

 Spring Cleaning = Bug Fixing

 Bug Found & Fixed

 Server Upgrade Scheduled Completed

 Whitelist Email Addresses in cPanel

 Monitoring Software Awards

 Website Downtime Alerts To Slack

 Whitelist Email Addresses: Thunderbird

 Monitor Response Time

 Whitelist Email Addresses in Yahoo Mail

 How we improved accessibility by 42%

 Whitelist Email Addresses in Outlook

 Whitelist Email Addresses In Gmail

 Why Whitelist An Email Address?

 User Interface Improvements

 Free Email Support For All

 When is a website considered down

 Bulk import, edit and delete monitors

 Privacy, democracy & bureaucracy

 How Much Downtime is Acceptable?

 Feature: Custom Alert Times

 Server Upgrade Scheduled Completed

 Free Plan Upgraded to 60 Monitors

 New Feature: Rate Limit SMS Alerts

 How We Boosted Page Speed By 58%

 How To Reduce Website Downtime

 Making the Monkey

 How To Monitor A Website

 5 Tips for Website Internationalisation

 We're Live...

 Initial Development Completed