New SCA-ready Payments System

09 Sep 2019

The Downtime Monkey payments system looks super simple but behind the scenes it's not trivial...

  There are 12 Pro plans, each in over 130 currencies giving a total of more than 1500 different subscription plans.

  There are options to upgrade or downgrade with pro-rata costs being calculated on the fly as well as options to change payment methods, auto renew and cancel subscriptions.

  There are also one-time payments for 5 different bundles of SMS alerts, again in over 130 currencies with prices calculated in real time using current global exchange rates.

  The system also handles tax laws in different countries, both for payments by individuals and businesses.

This took several months to develop in 2017 and we're proud to say it worked like clockwork. So when we learned that we'd have to redevelop the system to comply with new SCA regulations you can understand that we weren't overcome with enthusiasm...


What Is SCA?

We'll forgive you if this is the first you've heard of SCA - it's largely flown under the radar compared with the hype of, say, GDPR.

SCA is Strong Customer Authentication and it is soon to be required when taking online payments from customers in the EU.

In theory this means that customers will have to provide two of the following: something only they know (e.g. a PIN code), something only they possess (e.g. a private key) or something which identifies who they are (e.g. a fingerprint).

In practice (unless you want to reinvent the wheel while simultaneously causing customers extra hassle) it means implementing "frictionless authentication" via 3D Secure 2 or a similar auth process.

Why The Change?

The reasoning behind the new regulations is to reduce online fraud and increase payment security. A noble cause.

However, the work required for small businesses is considerable - it took a full two weeks for us to implement changes to our payment system. Being developers, we were lucky enough to be able to make the changes ourselves, but for small businesses who need to hire developers, costs would run to thousands.

Also, the system before worked well. To prevent fraud we make use of Stripe Radar, which leverages machine learning to prevent fraudulent payments going through. We also give each payment a 'human check' to make sure it looks legitimate. Using these safeguards there have been exactly zero fraudulent payments accepted at Downtime Monkey.

Further, if a fraudulent payment did get through, we'd be forced to pick up the bill and the card used would be refunded.

When Will Regulations Be Introduced?

Regulations were originally due to be introduced on Saturday 14th September, 2019. The plan was that after Saturday, payments from customers' cards that required authentication would be declined unless SCA was provided.

A wise man once said "the only thing that saves us from the bureaucracy is its inefficiency" and in this case he's been proved true...

Some last-minute backtracking has taken place and enforcement of SCA has now been postponed by many national regulators. All countries that have responded have opted for a delay of up to 18 months - responses are still ongoing and the latest information can be found here.

New Payments System

Despite the announced delays we have gone ahead and updated the main payment pages on Downtime Monkey to be SCA compliant.

Both one-time payments and payments for new subscriptions have been updated.

We haven't yet updated pages for upgrades, downgrades or card changes because our payment processor doesn't have a good solution in place for this yet. We will make sure these are updated by the date of the new deadline (expected March 2021).

Will I Notice The Difference?

Almost entirely no... all Downtime Monkey payment pages look exactly the same as before and if you already have a subscription, payments will continue as normal.

A very small number of EU customers may have their card authenticated using 3D Secure in one extra step at checkout, although we don't expect to see this happen until March 2021.

We're now happy to be back working on some features that you will actually notice! Watch this space...