#Niek

Hi there 👋

I'm working on thinking through this.

👋 stepping in as toby needed to step away

Yeah my recommendation here would be to create/confirm a SetupIntent server-side and see how many move to requires_action

Thanks for the confirmation. Do you have any metrics about how many we may expect to require the 3DS verification? This must be a common screnario with high risk of churn, we should not be the only team having to go through this?

Are you EMEA-based or do you have a lot of EMEA customers?

Err actually sorry, it would only matter for SCA if both of those are true.

Yes we are EMEA (EU) based and almost all of our customers should be based there as well

Then yes, all of your customers are affected as SCA requires that 3DS is completed for EU businesses with EU customers

https://stripe.com/docs/strong-customer-authentication

My recommendation would be to set up a way to bring your customers back on-session to complete 3DS when you make this update

(Also I assume in your original post you meant 100% not 10%?)

We currently have a discount of 10% attached to all subscriptions. We will remove this discount, so they will have to pay the full price from then on.

Oh? But they are already paying?

Correct. For the existing payment methods there was no need to go through this 3DS verification as long as the subscription doesn't change.

We already ran into this require_action issue when some of customers changed the period of their subscription from monthly to yearly.

Got it got it, yeah okay that will fall under the fixed-amount Subscription changes we note here: https://support.stripe.com/questions/strong-customer-authentication-(sca)-exemptions-for-recurring-charges-with-stripe-billing

So yeah, this goes back to what I stated before. The most important thing here will be to have a system set up to bring your customers back on-session and have them complete 3DS

To get a sense of how many require you could certainly use a SetupIntent as discussed. But mostly you should assume just about all of your customers will run into this due to SCA

Ok thanks for your insights, highly appreciated!

Thanks for the link as well, I hadn't seen this document. I hadn't found too much info so far on how to do this kind of migration.

I will pro-actively show a notification whenever my customers come online, and hope they will do the verification before changing the subscription

Yeah it is definitely a bit tough at this point since these are older payment methods.

Yep that's a great call.

Running them through a SetupIntent if you can get them on-session before the update would be a good way to go

Reading through https://stripe.com/en-be/guides/strong-customer-authentication I was under the impression that once a credit card (source or payment method) has gone through a 3DS verification during the initial setup, the first (and all subsequent) payment - which happens off-session for subscriptions with trials - should go through without an additional verification. However, the document says "SCA is required for the customer’s first payment". Does this mean that bringing my customer on-session for the 3DS verification pro-actively would not help prevent the require_action for the first (off-session) payment?

It does, yes.

It would be just like setting up the PaymentMethod with a SetupIntent at the beginning of a Subscription that is on trial.

So it does help to do this proactively

It is always still possible that the issuer requires 3DS at any point, but we will apply for the SCA exemption if the PaymentMethod has already been set up prior to the charge

Ok thanks, I read the above line under the section "Fixed-amount subscriptions". But in the section "Merchant-initiated transactions (including variable subscriptions)" it seems to confirm our above strategy: "To use merchant-initiated transactions, you need to authenticate the card either when it’s being saved or on the first payment. "

Yeah I understand how those seem a little contradictory

But as long as the PaymentMethod was set up ahead of time then it should trigger the SCA exemption

ok perfect, thanks again fo the help!

Hello! I'm taking over and catching up...