How to use Stripe to implement 3DS2 for SCA compliance under PSD2 in Europe


What are PSD2, SCA, and 3DS?

PSD2

The second Payment Services Directive (PSD2) is an EU directive announced in 2015. The goal of PSD2 is to protect people when they pay online, promote open banking, and make cross-border European payment services safer. It went into effect in September of 2019.


SCA

Strong Customer Authentication (SCA) is a requirement of the PSD2 that ensures online payments are performed with multi-factor authentication to increase the security of online payments. Even though PSD2 was enacted in September of 2019, SCA has been delayed by 18 months to allow merchants and banks more time to implement solutions.


3DS2

3-D Secure 2.0 (3DS2) is the second iteration of 3DS, used to power brand-name systems such as Visa Secure, Mastercard Identity Check, and American Express SafeKey. It was designed to reduce fraud and provide added security to online payments, and it is supported by many major banks.


3DS2 is considered an SCA compliant solution. If your business implements 3DS2, you will no longer be in danger of having your charges declined by banks.


Does SCA affect your SaaS business?

SCA is considered in-effect on all e-commerce payments when both:


  • The business is in the EU
  • The customer's bank is in the EU

If SCA applies to you and you do not authenticate your customers' transactions, you risk having charges declined by banks.


There are exemptions for several types of transactions defined in Articles 12-18 of the PSD2. As a SaaS company, the most critical exception to note is Article 13. This article states that recurring transactions do not need to be subject to SCA. What this means is that you only need to have an SCA implementation to handle the initial creation of a subscription and not the subsequent recurring charges.


If you are interested in reading a breakdown of the other exemptions and how they may apply to you, Stripe goes into depth on each here.


Should you be SCA-ready even if you aren't in Europe?

There are benefits to implementing a solution such as 3DS2, even if you aren't affected by PSD2 or SCA. By implementing 3DS2, you will handle customer information in a much more secure manner and shift liability from you to the card issuer, reducing the risk of chargebacks.


How do you become SCA compliant?

Being SCA compliant as a SaaS means that all online payments are authorized using two of the three elements,


As I mentioned before, 3DS2 is an SCA-compliant solution. Drop-in solutions such as Servicebot, PayPal, and Stripe Checkout already use 3DS2 and are therefore SCA-compliant. If you are using a custom-built solution using something like Stripe Billing or Braintree to manage your subscriptions, you will need to develop a 3DS2 implementation.


How do you implement 3DS2 using Stripe Billing?

Stripe has created two new objects as part of offering an SCA-compliant solution, PaymentIntent and SetupIntent, to facilitate using 3DS2. A PaymentIntent represents the intent to charge someone and is used as part of a payment authentication flow. SetupIntents are similar to PaymentIntents, but they represent the intent to charge someone's card eventually. You will use SetupIntents if your SaaS has a free trial, or offers a free tier, essentially anywhere a credit card will be charged at a later date.


Using PaymentIntents

If you are using Stripe Billing to create subscriptions, you are already using PaymentIntents by default. They are created and attached to each invoice for every new subscription. If you want to know whether a new subscription requires SCA, check the status of the payment_intent on the latest_invoice of the subscription. When SCA is required, the object will contain a status of requires_action. Run the following NodeJS code to see it in action.


This code creates a subscription that requires SCA


// Restricted test-mode key as given in the article; load your own keys from the environment.
const STRIPE_TEST_SECRET_KEY = "rk_test_3U9s3aPLquPOczvc4FVRQKdo00AhMZlMIE";
const stripe = require("stripe")(STRIPE_TEST_SECRET_KEY);

// await is only valid inside an async function in a CommonJS script
(async () => {
    // Create a subscription whose first payment requires SCA
    const sub = await stripe.subscriptions.create({
        items: [{plan: "plan_FvnU01xoIPrg9l"}], // $300 per month plan without free trial
        customer: "cus_G0juGVZSLskx57",
        default_payment_method: "pm_1FUiR8CISNxwKLmI8uIQDdnv", // This PaymentMethod always requires SCA
        expand: ["latest_invoice.payment_intent"] // expand the payload to include the PaymentIntent
    });
    const paymentIntent = sub.latest_invoice.payment_intent;
    console.log(`Subscription Status: ${sub.status}`);
    console.log(`PaymentIntent Status: ${paymentIntent.status}`);
    console.log(paymentIntent.status === "requires_action" ? "SCA Required" : "No SCA Required");
    console.log(sub);
})().catch(console.error);

Once you know you have a subscription that requires authentication, you can use the PaymentIntent's client_secret in the browser to start a 3DS2 authentication process using Stripe.js.


Using Stripe.js handleCardPayment with the PaymentIntent

Stripe.js has a handy function called handleCardPayment, which takes in a client secret from a payment intent and starts the 3DS2 process to authenticate the payment.


await stripe.handleCardPayment('PAYMENTINTENT_SECRET');

You can see this in action here


Once the customer authenticates, the subscription will move from an incomplete state to an active one, and the customer will be billed successfully.


SetupIntents

As a SaaS business, you will mostly be interacting with SetupIntents if you either offer a free tier or give a free trial. When someone enters a credit card for one of these subscriptions, you will see a pending_setup_intent on the subscription object. The SetupIntent's client_secret should be passed to the front-end so that Stripe.js can start the 3DS2 authentication flow.


Using Stripe.js handleCardSetup with the SetupIntent

This is basically identical to how we handled the PaymentIntent, except we call handleCardSetup instead.


await stripe.handleCardSetup('{SETUP_INTENT_CLIENT_SECRET}')

You can see a SetupIntent SCA Flow in action below.


Once authentication completes, the customer can be moved to a paid plan later or have their card charged after a free trial is over.
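
The server-side status check and the browser-side Stripe.js call from the PaymentIntents and SetupIntents sections, combined into one flow. This is an added example, not code from the original article: the helper names nextScaStep and runScaStep and the sample subscription objects are assumptions made for illustration. Only the client_secret is handed to the browser, never the whole subscription object.

```javascript
// Added example, not the article's code. Helper names are hypothetical.

// Server side: decide which 3DS2 step (if any) the browser must run.
// Returns only the fields the browser needs, never the whole subscription.
function nextScaStep(sub) {
  const invoice = sub.latest_invoice;
  const pi = invoice && typeof invoice === "object" ? invoice.payment_intent : null;
  const si = sub.pending_setup_intent;
  // Unexpanded fields arrive as ID strings; fail loudly rather than guess.
  if (typeof invoice === "string" || typeof pi === "string" || typeof si === "string") {
    throw new Error("expand latest_invoice.payment_intent and pending_setup_intent");
  }
  if (pi && pi.status === "requires_action") {
    return { kind: "payment", clientSecret: pi.client_secret };
  }
  if (si && si.status === "requires_action") {
    return { kind: "setup", clientSecret: si.client_secret };
  }
  return { kind: "none" };
}

// Browser side: run the matching Stripe.js call and surface failures.
// `stripe` is the Stripe.js instance, passed in so the flow can be tested.
async function runScaStep(stripe, step) {
  if (step.kind === "none") return { ok: true };
  const result = step.kind === "payment"
    ? await stripe.handleCardPayment(step.clientSecret)
    : await stripe.handleCardSetup(step.clientSecret);
  // Stripe.js resolves with { error } when authentication fails or is abandoned.
  return result.error ? { ok: false, message: result.error.message } : { ok: true };
}

// Constructed sample payloads (secrets are placeholders, not real values).
const paidSub = { status: "incomplete", pending_setup_intent: null,
  latest_invoice: { payment_intent: { status: "requires_action",
    client_secret: "pi_PLACEHOLDER_secret_PLACEHOLDER" } } };
const trialSub = { status: "trialing", latest_invoice: { payment_intent: null },
  pending_setup_intent: { status: "requires_action",
    client_secret: "seti_PLACEHOLDER_secret_PLACEHOLDER" } };
const activeSub = { status: "active", pending_setup_intent: null,
  latest_invoice: { payment_intent: { status: "succeeded",
    client_secret: "pi_PLACEHOLDER_secret_PLACEHOLDER" } } };
```

If runScaStep reports a failure, the subscription stays incomplete, so the page should let the customer retry authentication or enter another card.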


No-code alternative

If you are looking for an SCA-compliant solution for Stripe Billing without having to deal with the 3DS2 integration development, check out Servicebot. We provide a drop-in UI for SaaS companies using Stripe, which is SCA-compliant out-of-the-box! Want to see it in action? Check out this demo and use the test card 4000002760003184 (any Expiration and CVC).


Translated from: https://www.freecodecamp.org/news/implement-3ds2-for-your-saas-using-stripe-billing-and-be-sca-compliant-for-pds2/
