Our v2.1 Release Candidate 1 is now available and includes SCA updates for the Stripe gateway. This update includes a major overhaul to our Stripe gateway, which now uses the Stripe Elements and PaymentIntents APIs.
You can begin the testing process now and ensure there will be no issues with your membership site’s compliance when the SCA regulation is in place.
We plan to push this release to the WordPress.org repository on September 13, 2019. You will then be able to upgrade automatically from your WordPress dashboard.
We are actively working on a v2.2 release, containing the SCA updates for Braintree. We hope to push that release as soon as possible this month.
Other gateways either do not require SCA updates or will be addressed later.
Continue reading for more details on how each gateway is specifically handling the SCA requirements and other frequently asked questions.
What is Secure Customer Authentication or SCA?
We wrote up a primer on SCA (a.k.a. PSD2, a.k.a. 3DS) a little while back. In general, 3-D Secure™ (3DS) is a payment authentication protocol that authenticates a card holder through their card issuer. Transactions that have been validated through 3DS are less likely to be fraudulent, meaning fewer chargebacks for you as the merchant and more protection for your customers and their payment data. Full SCA regulation will go into effect for the EU on September 14, 2019, although several countries such as the UK and Germany have extended the deadline following the European Banking Authority’s recommendation.
Stripe is maintaining a list of national regulators that are postponing the SCA enforcement date for select banks and payment providers. Please refer to the article for official public statements from each national regulator related to their enforcement timeline.
SCA Compliance and Your Primary Gateway
The sections below provide more details for each payment gateway that we integrate with. Find your primary gateway in the list below to see how this upcoming regulation will affect your membership site.
Stripe
We have updated PMPro to work with Stripe.js v3 and Stripe Elements. This move not only handles immediate SCA challenges, but also sets us up for further improvements in our Stripe integration. The v2.1-Beta2 includes these updates and can be tested now. We do not recommend using this prerelease on production websites.
To make sure you are ready, carefully test this prerelease on a staging site, update PMPro when the full 2.1 release is launched, and update Stripe to use the latest version of their API in the Stripe dashboard. Remember to take necessary precautions when setting up a staging site as activity on a staging site can impact your live site data. This article by Andrew covers how to safely use PMPro in a staging environment.
Braintree
We are in the process of updating our integration with Braintree to support their SCA implementation. We will release a v2.1-Beta3 when the Braintree updates are ready to test.
3DS 2.0 is enabled on all Braintree sandbox accounts by default. Non-EU merchants will have to contact Braintree to enable 3DS 2.0 for production accounts.
To make sure you are ready, confirm your 3DS 2.0 setup in your Braintree account, and update PMPro when the full 2.1 release is launched.
PayPal Website Payments Pro (deprecated in v2.10+)
We are in the process of updating our integration with PayPal to support their SCA implementation for Website Payments Pro. We will release a v2.1-Beta3 when the PayPal updates are ready to test.
To enable SCA for Website Payments Pro, you will have to:
- Register a Cardinal Commerce account.
- Enable 3D Secure from the Memberships > Settings > Payment Settings tab in the WordPress admin dashboard.
- Copy the required Cardinal Commerce data fields and paste them into the settings in PMPro.
We will publish more detailed steps before the full v2.1 release. Please see PayPal’s SCA guide for more information.
PayPal Payflow Pro
We are in the process of updating our integration with PayPal to support their SCA implementation for Payflow Pro. We will release a v2.1-Beta3 when the PayPal updates are ready to test.
To enable SCA for Payflow Pro, you will have to:
- Register a Cardinal Commerce account.
- Enable 3D Secure from the Memberships > Settings > Payment Settings tab in the WordPress admin dashboard.
- Copy the required Cardinal Commerce data fields and paste them into the settings in PMPro.
We will publish more detailed steps before the full v2.1 release. Please see PayPal’s SCA guide for more information.
PayPal Express
Since PayPal Express checkout happens mostly on the PayPal side, there are no required updates to the PMPro code or your site. Users checking out with PayPal may receive an SCA challenge in PayPal. We strongly recommend reviewing the changes to the v2.1 release and updating your version of Paid Memberships Pro when the full release is published.
PayPal Standard
Since PayPal Standard checkout happens mostly on the PayPal side, there are no required updates to the PMPro code or your site. Users checking out with PayPal may receive an SCA challenge in PayPal. We strongly recommend reviewing the changes to the v2.1 release and updating your version of Paid Memberships Pro when the full release is published.
Authorize.net
Initially, Authorize.net released a notice that recommended users with EU customers migrate to Cybersource to support SCA requirements. We instead suggest you take this opportunity to migrate to Stripe if you are able.
Currently, Authorize.net has announced support for Cardinal Commerce. The details of implementing Cardinal Commerce support for Authorize.net are similar to the updates we are doing for Payflow Pro, but we have not yet started work on this integration.
If we are able to, we will include this support in the v2.1 release by September 14, 2019, but we may not hit that date for the Authorize.net updates. We will push a point release update as soon as possible.
Check this Article for Future Updates
We will continue to update this article and the documentation for each gateway we offer over the next several weeks. If you have specific questions about your site and SCA regulations, please reach out to us via the contact form. Developers can follow the updates on the v2.1 branch of our GitHub repository.
The current list of v2.1 RC1 changes is detailed below:
- FEATURE: Updated Stripe integration to support Stripe v3, Stripe Elements, and their Secure Customer Authorization process.
- FEATURE: Updated how we store prices to support up to 8 decimals (e.g. for Bitcoin gateway implementations).
- ENHANCEMENT: Improved error messaging on the update billing page when a gateway does not support it or the user’s current membership does not have a subscription.
- ENHANCEMENT: Added a pmpro_is_checkout() function that will return true if on the PMPro checkout page or a page with the PMPro checkout shortcode or block.
- ENHANCEMENT: Showing a warning message when a user about to be deleted has a membership so admins know that existing subscriptions will be deleted at the gateway.
- ENHANCEMENT: Added a pmpro_braintree_plan_id filter in case you need to adjust plan IDs. This is useful if you have several sites running on the same Braintree account.
- ENHANCEMENT: Added a pmpro_num_expiration_years filter to adjust the number of years to include in the dropdown to set the year membership will expire.
- ENHANCEMENT: Tweaked the UI of the orders list and members list in the dashboard.
- ENHANCEMENT: Added pmpro_membership_levels_table_extra_cols_header and pmpro_membership_levels_table_extra_cols_body hooks to add columns to the members list.
- ENHANCEMENT: Showing notices to admins when categories are hidden from them on the frontend of the site.
- ENHANCEMENT: Added a pmpro_url filter to filter URLs returned from that function.
- ENHANCEMENT: Adding a pmpro_checkout_gateway-stripe or pmpro_checkout_gateway-paypal etc. CSS class to the wrapping div for payment fields to aid in styling.
- ENHANCEMENT: Using the site’s date format option when printing orders.
- BUG FIX/ENHANCEMENT: If a site has no paying levels, the test gateway will show as the “Default” gateway and we will no longer show a message about requiring gateway setup on the checkout page.
- BUG FIX/ENHANCEMENT: Updated Russian Ruble definition to have 0 decimals and use a non-breaking space as the thousands separator. (Thanks, Airat Halitov)
- BUG FIX/ENHANCEMENT: Using add_query_arg when generating IPN URLs to avoid issues on sites that aren’t using pretty permalinks or have moved their admin directory.
- BUG FIX/ENHANCEMENT: Fixed issue on advanced settings page where clicking on labels didn’t check the corresponding check boxes.
- BUG FIX/ENHANCEMENT: Updated our pmpro_generateUsername() function to be a bit smarter.
- BUG FIX/ENHANCEMENT: Now using wp_generate_password() when choosing a random password for a user (e.g. when using the Sign Up Shortcode add on or the $skip_account_fields global).
- BUG FIX/ENHANCEMENT: Setting autocomplete to false on the “fullname” honeypot field. This will prevent users with certain autocomplete tools from accidentally filling it out.
- BUG FIX/ENHANCEMENT: Now sending name and email fields to PayPal (using Website Payments Pro) even if no address was captured.
- BUG FIX/ENHANCEMENT: More specific CSS selectors for checkout form elements to make sure errors are highlighted/etc with different themes.
- BUG FIX: Fixed issue where the first 2000 or so orders might be skipped when exporting orders on large sites.
- BUG FIX: Fixed issue with setting custom trials on discount codes.
- BUG FIX: Fixed issue in the SQL query in the pmpro_calculateInitialPaymentRevenue() function. This function is deprecated, but still used by some custom code.
- BUG FIX: Fixed issue where default templates would fail to load if a custom template was specified.
- BUG FIX: Fixed fatal errors that could happen when using the PMPro REST API endpoints.
- BUG FIX: Fixed bug where the invoices page would sometimes show data for the current (admin) users instead of the user the invoice was for.
- BUG FIX: Fixed bug where the membership stats graphs would sometimes show up blank.
- BUG FIX: Now falling back to using readfile() if fpassthru() doesn’t exist.
- BUG FIX: Fixed issue where the from name and email were not set properly if the Only Filter PMPro Emails setting was checked. (Thanks, mjulian87 on GitHub)
- REFACTOR: Moved JavaScript out of pages/checkout.php and other places into files in the /js/ folder. This will avoid issues where other JS at checkout breaks PMPro checkout and will improve compatibility with tools that optimize JS.
- REFACTOR: Added unit testing and a start on coverage of some functions in includes/functions.php. (Thanks, Mike Auteri)
- REFACTOR: The JS function askfirst is now prefixed as pmpro_askfirst.