Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Advertise on LowEndTalk.com
SCA to be effective as of September 14th - CC/PP to require 2FA
New on LowEndTalk? Please read our 'Community Rules' by clicking on it in the right menu!

SCA to be effective as of September 14th - CC/PP to require 2FA

YmpkerYmpker Member
edited August 2019 in General

As of September 14th European law dictates 2FA when paying with CC or PayPal online. This means if you are a provider you should be looking to support this soon. Maybe some Blesta module needs an update? Even if the most part is probably on the payment processor to implent this, It must be implemented with payment gateways and often your billing system too. It’s nothing your bank does for years. It’s a new regulation, SCA, and it will change how the authorisation works across the entire payment industry in September. Whoever is not compatible with SCA will see their payments declined (according to Clouvider).

https://150sec.com/new-eu-e-commerce-payment-rules-all-you-need-to-know/11273/

Comments

  • MikePTMikePT Member, Provider
    edited August 2019

    I guess WHMCS will handle this for us, we're using PayPal, Stripe and GoCardLess, all officially supported by WHMCS.

    Thanked by 1Ympker
  • pikepike Member
    edited August 2019

    This new law sucks so much. My bank forces me either to use their shitty app (only android and iOS) or buy a code generator for 30€.

    Thanked by 1Ympker
  • @pike said:
    This new law sucks so much. My bank forces me either to use their shitty app (only android and iOS) or buy a code generator for 30€.

    I hear ya. My bank's app (which I didn't use so far) is rated poorly on playstore and is described as buggy and non-functional. Gotta love that.

  • Its insecure as I can tell, compared to the method used before, which was you get lists of codes send to you and you need to use one and auth the transaction. Instead of using the same PIN everytime.

    Thanked by 1pike
  • @pike said:
    This new law sucks so much. My bank forces me either to use their shitty app (only android and iOS) or buy a code generator for 30€.

    Damn. My bank doesn’t really use Verified by Visa anymore (it shows the page but automatically redirects without any further prompts) but rather their own ‘system’:

    Thanked by 2pike Unixfy
  • What about automated payments? Do I have to do 2FA every month?

    i did NAT

  • @lemon said:
    What about automated payments? Do I have to do 2FA every month?

    Nobody knows yet.

  • pikepike Member
    edited August 2019

    If it only was for buying goods online with my visa.. but now they will force me into using their app for simple money transfers to other accounts. So no way for me to avoid buying their silly 30€ generator or using their silly app.

    How can an app be more secure than the good old paper TAN list.

    Thanked by 1Ympker
  • jackbjackb Member, Provider

    @lemon said:
    What about automated payments? Do I have to do 2FA every month?

    merchant initiated transactions and recurring transactions are exempt, somehow. I suppose it must be enforced on the first transaction (otherwise fraudsters would just claim it is a recurring payment)

    Afterburst - Awesome OpenVZ&KVM VPS in US+EU

  • WHMCS is cutting it fine with being ready on time - 7.8 is at release candidate stage still and contains the required upgrade to Stripe elements. Hope they hurry up!

    Afterburst - awesome & unmetered! Read why here!

  • Fastmako (aff) - great VPS for your needs.

  • MikeAMikeA Member, Provider
    edited August 2019

    @MikePT said:
    I guess WHMCS will handle this for us, we're using PayPal, Stripe and GoCardLess, all officially supported by WHMCS.

    Have no fear, WHMCS charges $1.50/month for account 2FA acccess! I am sure payment 2FA will cost $3.00/month!

    Thanked by 1MikePT

    ExtraVM - AMD Ryzen VPS starting @ $3.50
    USA (TX, VA, FL), CA, FR, UK, SGP, AU

  • @MikeA said:

    @MikePT said:
    I guess WHMCS will handle this for us, we're using PayPal, Stripe and GoCardLess, all officially supported by WHMCS.

    Have no fear, WHMCS charges $1.50/month for account 2FA acccess! I am sure payment 2FA will cost $3.00/month!

    Did I just hear CPanel 4.0?, must be a bug.

  • MikeAMikeA Member, Provider
    edited August 2019

    @Neoon said:

    @MikeA said:

    @MikePT said:
    I guess WHMCS will handle this for us, we're using PayPal, Stripe and GoCardLess, all officially supported by WHMCS.

    Have no fear, WHMCS charges $1.50/month for account 2FA acccess! I am sure payment 2FA will cost $3.00/month!

    Did I just hear CPanel 4.0?, must be a bug.

    Hello,

    I am pleased to inform you that 2FA for cPanel accounts will cost an additional $0.05 per account.

    ExtraVM - AMD Ryzen VPS starting @ $3.50
    USA (TX, VA, FL), CA, FR, UK, SGP, AU

  • Seems like most companies figured, that the DLC model prints the most money.

  • EdmondEdmond Member without signature

    @doghouch said:

    @pike said:
    This new law sucks so much. My bank forces me either to use their shitty app (only android and iOS) or buy a code generator for 30€.

    Damn. My bank doesn’t really use Verified by Visa anymore (it shows the page but automatically redirects without any further prompts) but rather their own ‘system’:

    You sure? I remember the first time using said card on Cineplex, it redirected me to Verified by Visa and requested my information. Afterwards, everytime it redirects to Verified by Visa, just redirects and approves the transaction, not that movie tickets were suppose to be expensive to start with.

    I gotten those text message things from a different bank for an etransfer before however.. Replying Y didn't work however.. :(

  • MikePTMikePT Member, Provider

    @MikeA said:

    @MikePT said:
    I guess WHMCS will handle this for us, we're using PayPal, Stripe and GoCardLess, all officially supported by WHMCS.

    Have no fear, WHMCS charges $1.50/month for account 2FA acccess! I am sure payment 2FA will cost $3.00/month!

    Haha for sure!!! Its just ridiculous. Just another way for them to profit from us.

  • estnocestnoc Member, Provider

    interesting how this thing will work out if customers are paying by cards through Paypal?

    EstNOC.ee - Hosting and DataCentre services in 35 EU/ASIA/USA locations.

  • doghouchdoghouch Member
    edited August 2019

    @Edmond said:

    @doghouch said:

    @pike said:
    This new law sucks so much. My bank forces me either to use their shitty app (only android and iOS) or buy a code generator for 30€.

    Damn. My bank doesn’t really use Verified by Visa anymore (it shows the page but automatically redirects without any further prompts) but rather their own ‘system’:

    You sure? I remember the first time using said card on Cineplex, it redirected me to Verified by Visa and requested my information. Afterwards, everytime it redirects to Verified by Visa, just redirects and approves the transaction, not that movie tickets were suppose to be expensive to start with.

    I gotten those text message things from a different bank for an etransfer before however.. Replying Y didn't work however.. :(

    Yeah — I’ve entered my information once before and it just redirects for me now as well.

    As for replying “y” to transactions: you need to try the transaction a second time after the SMS message.

  • raindog308raindog308 Administrator, Moderator

    Ympker said: My bank's app

    pike said: their app

    I hate per-site apps. We have web browsers, which liberated us from the idea of having a different program to do every single task. The smartphone era where every web site wants to have its own app is Windows 3.1 thinking.

    For LET support, please visit the support desk.

  • HxxxHxxx Member

    Apps easier for the majority of users. Less work on their part.

    @raindog308 said:

    Ympker said: My bank's app

    pike said: their app

    I hate per-site apps. We have web browsers, which liberated us from the idea of having a different program to do every single task. The smartphone era where every web site wants to have its own app is Windows 3.1 thinking.

  • raindog308raindog308 Administrator, Moderator

    Hxxx said: Apps easier for the majority of users. Less work on their part.

    How so?

    • have to download app
    • have to hope it integrates with your password manager
    • have to keep it up to date
    • have to learn any quirks because the interface is different than the web
    • have to reload the app if you move to a different device

    Etc.

    Thanked by 1pike

    For LET support, please visit the support desk.

  • jsgjsg Member
    edited August 2019

    @raindog308

    Html isn't all rosy. Browsers are extremely fat and bloated (or virtually useless) and highly insecure.

    But I'm also not with @Hxxx because I think that for most users "apps" in the browser are the most "natural" and normal way of interaction.

    As for 2FA I don't care. It's just security theater like most wide-spread or demanded by law "security" - as plenty ridiculously broken banking apps, anti-virus, etc clearly demonstrate.
    For the sake of fairness: with modern societies rapidly walking towards idiocracy good 2FA is hard to do and bad 2FA has already been broken (e.g. sending codes via SMS).

    I find it funny btw. that millions of people don't hesitate to spend $30 or even more per year on snakeoil like anti-virus but are unwilling to spend 50$ once for reasonable security (if available. many banking apps suggest that those would be poor too).

    So what? Amazon, ebay, etc flourish

    P.S. Why is 2FA via SMS broken? Because politicians and large corporations agreed that extremely lousy security was the right thing to do. Why has TLS such a poor track record? Because founding let's encrypt and giving away security illusion, err, certificates away for free is cheaper than doing PKI properly plus it pleases the large (clueless) majority.
    TL;DR: We are having problems because either democracy per se doesn't work or because we the people (most of us) are too stupid for democracy, sorry..

    Thanks no.

  • ClouviderClouvider Member, Provider

    @MikePT said:
    I guess WHMCS will handle this for us, we're using PayPal, Stripe and GoCardLess, all officially supported by WHMCS.

    Guess again. Especially if you are auto-charging cards on file.

    Clouvider Limited - Leading Hosting & Connectivity Partner || Dedicated Server Sale from £39/m - Our Latest LET Offer

    Cloud Web Hosting | SSD & SAS HA OnApp VPS | US, UK, NL & DE Dedicated Servers | Network Services | Colocation | Managed Services

  • MikePTMikePT Member, Provider

    @Clouvider said:

    @MikePT said:
    I guess WHMCS will handle this for us, we're using PayPal, Stripe and GoCardLess, all officially supported by WHMCS.

    Guess again. Especially if you are auto-charging cards on file.

    What do you mean?

  • ClouviderClouvider Member, Provider

    @MikePT said:

    @Clouvider said:

    @MikePT said:
    I guess WHMCS will handle this for us, we're using PayPal, Stripe and GoCardLess, all officially supported by WHMCS.

    Guess again. Especially if you are auto-charging cards on file.

    What do you mean?

    You need to indicate through API that you intend to use card for recurring payments and that needs to go through 3DS2, otherwise when it's rolled in - your recurring transactions will decline automagically.

    Clouvider Limited - Leading Hosting & Connectivity Partner || Dedicated Server Sale from £39/m - Our Latest LET Offer

    Cloud Web Hosting | SSD & SAS HA OnApp VPS | US, UK, NL & DE Dedicated Servers | Network Services | Colocation | Managed Services

  • MikePTMikePT Member, Provider

    @Clouvider said:

    @MikePT said:

    @Clouvider said:

    @MikePT said:
    I guess WHMCS will handle this for us, we're using PayPal, Stripe and GoCardLess, all officially supported by WHMCS.

    Guess again. Especially if you are auto-charging cards on file.

    What do you mean?

    You need to indicate through API that you intend to use card for recurring payments and that needs to go through 3DS2, otherwise when it's rolled in - your recurring transactions will decline automagically.

    And won't WHMCS be able to do that?

  • @MikePT said:

    @Clouvider said:

    @MikePT said:

    @Clouvider said:

    @MikePT said:
    I guess WHMCS will handle this for us, we're using PayPal, Stripe and GoCardLess, all officially supported by WHMCS.

    Guess again. Especially if you are auto-charging cards on file.

    What do you mean?

    You need to indicate through API that you intend to use card for recurring payments and that needs to go through 3DS2, otherwise when it's rolled in - your recurring transactions will decline automagically.

    And won't WHMCS be able to do that?

    I believe this is something that is not solely up to WHMCS to work and be implemented correctly. Could be wrong though.

    Thanked by 1MikePT
  • SpartanHostSpartanHost Member, Provider

    @MikeA said:

    @MikePT said:
    I guess WHMCS will handle this for us, we're using PayPal, Stripe and GoCardLess, all officially supported by WHMCS.

    Have no fear, WHMCS charges $1.50/month for account 2FA acccess! I am sure payment 2FA will cost $3.00/month!

    They don't charge anymore for two factor auth (time-based tokens) in WHMCS 7.8 :smile:

    Source: https://preview.whmcs.com (Free Two-Factor Authentication)

    Thanked by 2MikeA MikePT
  • raindog308raindog308 Administrator, Moderator
    edited August 2019

    jsg said: For the sake of fairness: with modern societies rapidly walking towards idiocracy good 2FA is hard to do and bad 2FA has already been broken (e.g. sending codes via SMS).

    There are other forms of 2FA though - my employer requires it for most logins and we use an authenticator. Previous employer used RSA fobs. I'm not sure why a Google Authenticator, et al is hard to use, though SMS codes are more popular, probably due to familiarity.

    jsg said: I find it funny btw. that millions of people don't hesitate to spend $30 or even more per year on snakeoil like anti-virus but are unwilling to spend 50$ once for reasonable security (if available. many banking apps suggest that those would be poor too).

    I don't know if I'd call AV pure snake oil...it can be helpful, though it's purely reactive and of course, provides the illusion of complete protection when at best it's piecemeal.

    jsg said: TL;DR: We are having problems because either democracy per se doesn't work or because we the people (most of us) are too stupid for democracy, sorry..

    Absolutely...democracy is the demented idea that idiots can identify and select good leaders. But then, I've always assumed Sturgeon's Law applies to human intelligence.

    Thanked by 1jsg

    For LET support, please visit the support desk.

  • SmallWebSmallWeb Member, Provider
    edited August 2019

    Ympker said: Maybe some Blesta module needs an update?

    For reference from blesta forums:

    https://dev.blesta.com/browse/CORE-3068


    Thanked by 1Ympker

    Michael from SmallWeb - Support is only offered via ticket/email.

  • SpryServers_TabSpryServers_Tab Member, Provider

    We've offered 2fa for years, but with this law do we need to REQUIRE 2fa? Like is offering it enough, or do we have to enforce it?

    Tab Fitts | Founder/CEO - Spry Servers
    SSD Shared Hosting || VPS || Dedicated Servers || Network Status || PHX1 LG || DAL1 LG ||1-844-799-HOST (4678)

  • HxxxHxxx Member

    Answered those below for you. Dev perspective.

    @raindog308 said:

    Hxxx said: Apps easier for the majority of users. Less work on their part.

    How so?

    • have to download app

    Like Facebook, Intagram , Whatsapp, etc. Is natural to use the app market.

    • have to hope it integrates with your password manager

    A proper done app would integrate with your fingerprint / phone lock ability.

    • have to keep it up to date

    It auto update. Is normal for these to be kept up to date automatically. Unless you have disable it.

    • have to learn any quirks because the interface is different than the web

    Actually app development follow UX & UI best practices. It usually end up being familiar. For example Hybrid Frameworks like Ionic automatically apply a different behaviour to the UI depending on which platform is the user running. Good developers follow standards.

    • have to reload the app if you move to a different device

    That is done automatically by your device if you haven't disable it.

    Etc.

    :)

  • jsgjsg Member

    @raindog308 said:
    There are other forms of 2FA though - my employer requires it for most logins and we use an authenticator. Previous employer used RSA fobs. I'm not sure why a Google Authenticator, et al is hard to use, though SMS codes are more popular, probably due to familiarity.

    Trust me, you don't want to go down that rabbithole because there is a lot of noise but no rabbits in it.
    Hint: "RSA fobs" as in "products that use a payed for 'random' (prng) algo from the NSA".
    One problem is evident: NSA, GCHQ, etc. A less evident problem is tha almost all major players (e.g. Google) have (a) a selective view because their interest isn't security but "security for our needs/use cases" and (b) usually a context that is very much different from yours (e.g. thousands and thousands of servers and billions of $).
    Other problems that are rarely seen and understood include poor random choices (which looks unimpressive but actually is by far the most important element in most IT security), cruft (the OpenBSD guys ripped out lots of cruft from OpenSSL for good reasons), and more.

    I don't know if I'd call AV pure snake oil...it can be helpful, though it's purely reactive and of course, provides the illusion of complete protection when at best it's piecemeal.

    I came from another angle, the fact that pretty much all AVs have become security risks themselves. There are quite a few attack vectors out there due to considerable vulnerabilities in AVs.

    Absolutely...democracy is the demented idea that idiots can identify and select good leaders. But then, I've always assumed Sturgeon's Law applies to human intelligence.

    If that ever came into public view the 90% would be united in voting for controlling (or locking away) the "dangerous intelligent ones". So, psshhh

    Thanks no.

  • jsgjsg Member

    @Hxxx said:
    Like Facebook, Intagram , Whatsapp, etc. Is natural to use the app market.

    Which - thank God for that! - are not part of the OS and must be "downloaded"

    A proper done app would integrate with your fingerprint / phone lock ability.

    Definitely not. A properly done app would always let the user have some choice and the last word. Anything that boils down to a black box for the user is not a good solution.

    • have to keep it up to date

    It auto update. Is normal for these to be kept up to date automatically. Unless you have disable it.

    Auto-updating solved some problems ... and created others and sometimes worse ones.

    Actually app development follow UX & UI best practices ...

    Please kindly call yourself "web dev" and not "dev". The latter are usually engineers (or tick like engineers) while the former often are [self-redacted] and have next to nothing in common with engineers.

    Thanked by 2Hxxx AlwaysSkint

    Thanks no.

  • MikePTMikePT Member, Provider

    @SpartanHost said:

    @MikeA said:

    @MikePT said:
    I guess WHMCS will handle this for us, we're using PayPal, Stripe and GoCardLess, all officially supported by WHMCS.

    Have no fear, WHMCS charges $1.50/month for account 2FA acccess! I am sure payment 2FA will cost $3.00/month!

    They don't charge anymore for two factor auth (time-based tokens) in WHMCS 7.8 :smile:

    Source: https://preview.whmcs.com (Free Two-Factor Authentication)

    That's nice actually!

  • ClouviderClouvider Member, Provider

    @MikePT said:

    @Clouvider said:

    @MikePT said:

    @Clouvider said:

    @MikePT said:
    I guess WHMCS will handle this for us, we're using PayPal, Stripe and GoCardLess, all officially supported by WHMCS.

    Guess again. Especially if you are auto-charging cards on file.

    What do you mean?

    You need to indicate through API that you intend to use card for recurring payments and that needs to go through 3DS2, otherwise when it's rolled in - your recurring transactions will decline automagically.

    And won't WHMCS be able to do that?

    I don’t know - ask them - surely not retrospectively though, so cards on file will need to be re-entered with Customer on site again through 3DS(2) before you’ll be able to continue using them.

    We add this API call for the past month already to all payments on site. We aren’t quite sure if all banks are registering it yet - cuz no one seems to be prepared for this. It’s a joke.

    Thanked by 1MikePT

    Clouvider Limited - Leading Hosting & Connectivity Partner || Dedicated Server Sale from £39/m - Our Latest LET Offer

    Cloud Web Hosting | SSD & SAS HA OnApp VPS | US, UK, NL & DE Dedicated Servers | Network Services | Colocation | Managed Services

  • HxxxHxxx Member
    edited August 2019

    You are right, I should have said Software Engineer :) . I dont know who you are minimizing here lol. Just saying... All I can gather from your responses is:

    -You assume without experience.

    *UX & UI is not limited to web so... i feel sad already for your response.

    *You forgot we are talking about normal users and not engineers. For engineers apps are useless. But for normal users that like to one touch things and be done with it, apps is the way. Actually if I'm wrong, why do app stores exists ... and why are they so alive with new apps joining everyday?

    I'll give you a 6/10 for effort.

    Remember that not all apps run on web tech. There are advantages for apps that run native code in terms of performance, API access, integration...etc.

    @jsg said:

    @Hxxx said:
    Like Facebook, Intagram , Whatsapp, etc. Is natural to use the app market.

    Which - thank God for that! - are not part of the OS and must be "downloaded"

    A proper done app would integrate with your fingerprint / phone lock ability.

    Definitely not. A properly done app would always let the user have some choice and the last word. Anything that boils down to a black box for the user is not a good solution.

    • have to keep it up to date

    It auto update. Is normal for these to be kept up to date automatically. Unless you have disable it.

    Auto-updating solved some problems ... and created others and sometimes worse ones.

    Actually app development follow UX & UI best practices ...

    Please kindly call yourself "web dev" and not "dev". The latter are usually engineers (or tick like engineers) while the former often are [self-redacted] and have next to nothing in common with engineers.

  • jsgjsg Member

    @Hxxx

    Well that's roughly what was to be expected from a "UX" and "UI" focussed "developer".

    But hey, satisfy my curiosity: what libraries or frameworks are you using when developing, say for Linux, xBSD, Windows, Apple (the desktop OS), Android, and IOS?

    Thanks no.

  • MikePTMikePT Member, Provider

    @Clouvider said:

    @MikePT said:

    @Clouvider said:

    @MikePT said:

    @Clouvider said:

    @MikePT said:
    I guess WHMCS will handle this for us, we're using PayPal, Stripe and GoCardLess, all officially supported by WHMCS.

    Guess again. Especially if you are auto-charging cards on file.

    What do you mean?

    You need to indicate through API that you intend to use card for recurring payments and that needs to go through 3DS2, otherwise when it's rolled in - your recurring transactions will decline automagically.

    And won't WHMCS be able to do that?

    I don’t know - ask them - surely not retrospectively though, so cards on file will need to be re-entered with Customer on site again through 3DS(2) before you’ll be able to continue using them.

    We add this API call for the past month already to all payments on site. We aren’t quite sure if all banks are registering it yet - cuz no one seems to be prepared for this. It’s a joke.

    Well let's see what will happen I guess!!! :)

  • @Clouvider said:
    I don’t know - ask them - surely not retrospectively though, so cards on file will need to be re-entered with Customer on site again through 3DS(2) before you’ll be able to continue using them.

    If you already had 3D-Secure enabled for all payments, you won't have to re-enter on the site, because you've already done the SCA - at least that's how it works with Braintree and quite some other Payment Providers.

    @SpryServers_Tab said:
    We've offered 2fa for years, but with this law do we need to REQUIRE 2fa? Like is offering it enough, or do we have to enforce it?

    No, SCA has to happen on the payment itself - if using an external hosted payment window, you'll likely not have to do anything (But confirm with your payment provider), if you're using Drop-In UI's or Hosted Fields from Braintree, Stripe or similar, you'll have to update the code to do 3D-Secure 2.0 (Relatively easy for drop-in UI in Braintree at least).

  • ClouviderClouvider Member, Provider
    edited August 2019

    Zerpy said:
    If you already had 3D-Secure enabled for all payments, you won't have to re-enter on the site, because you've already done the SCA - at least that's how it works with Braintree and quite some other Payment Providers.

    Not really. In case you intend to re-use Customer details offline, so for example, for the purpose of automated billing, you need to pass an additional parameter when creating the charge, informing the bank that you intend to do so. The bank can then apply different authentication to the Customer to comply with their own risk assessment under SCA.

    Thanked by 1Ympker

    Clouvider Limited - Leading Hosting & Connectivity Partner || Dedicated Server Sale from £39/m - Our Latest LET Offer

    Cloud Web Hosting | SSD & SAS HA OnApp VPS | US, UK, NL & DE Dedicated Servers | Network Services | Colocation | Managed Services

  • @Clouvider said:
    Not really. In case you intend to re-use Customer details offline, so for example, for the purpose of automated billing, you need to pass an additional parameter when creating the charge, informing the bank that you intend to do so. The bank can then apply different authentication to the Customer to comply with their own risk assessment under SCA.

    Better inform Braintree about that then ;)

    And I can see you have to inform Adyen as well then - since they'll only require SCA if the first transaction was made on or after 14 September 2019: https://docs.adyen.com/payments-essentials/psd2-sca-compliance-and-implementation-guide/

    So two major gateways are then doing it illegally or?

  • ClouviderClouvider Member, Provider
    edited August 2019

    Zerpy said: So two major gateways are then doing it illegally or?

    It's not about legally - I agree that 3DS suffices legally, but it's about the issuing bank will say yes, or no during the authorisation in this case and I guess we'll find out in September or later, how this works out in practice.

    Clouvider Limited - Leading Hosting & Connectivity Partner || Dedicated Server Sale from £39/m - Our Latest LET Offer

    Cloud Web Hosting | SSD & SAS HA OnApp VPS | US, UK, NL & DE Dedicated Servers | Network Services | Colocation | Managed Services

  • SpryServers_TabSpryServers_Tab Member, Provider

    @Zerpy said:

    @Clouvider said:
    I don’t know - ask them - surely not retrospectively though, so cards on file will need to be re-entered with Customer on site again through 3DS(2) before you’ll be able to continue using them.

    If you already had 3D-Secure enabled for all payments, you won't have to re-enter on the site, because you've already done the SCA - at least that's how it works with Braintree and quite some other Payment Providers.

    @SpryServers_Tab said:
    We've offered 2fa for years, but with this law do we need to REQUIRE 2fa? Like is offering it enough, or do we have to enforce it?

    No, SCA has to happen on the payment itself - if using an external hosted payment window, you'll likely not have to do anything (But confirm with your payment provider), if you're using Drop-In UI's or Hosted Fields from Braintree, Stripe or similar, you'll have to update the code to do 3D-Secure 2.0 (Relatively easy for drop-in UI in Braintree at least).

    Ahh good to know. We transmit the data directly. (non tokenized authorize.net) With the exception of PayPal payments of course.

    Tab Fitts | Founder/CEO - Spry Servers
    SSD Shared Hosting || VPS || Dedicated Servers || Network Status || PHX1 LG || DAL1 LG ||1-844-799-HOST (4678)

  • @jsg said:
    @Hxxx

    Well that's roughly what was to be expected from a "UX" and "UI" focussed "developer".

    But hey, satisfy my curiosity: what libraries or frameworks are you using when developing, say for Linux, xBSD, Windows, Apple (the desktop OS), Android, and IOS?

    React <3

    /s

    Thanked by 1Hxxx
  • HxxxHxxx Member

    Angular <3

    @doghouch said:

    @jsg said:
    @Hxxx

    Well that's roughly what was to be expected from a "UX" and "UI" focussed "developer".

    But hey, satisfy my curiosity: what libraries or frameworks are you using when developing, say for Linux, xBSD, Windows, Apple (the desktop OS), Android, and IOS?

    React <3

    /s

  • @Hxxx

    I was being sarcastic — real men write iOS apps in Objective-C as opposed to Swift :I

  • HxxxHxxx Member

    I differ ... real men write apps with pure C , not even ++. ObjectiveC is for pussies.

    @doghouch said:
    @Hxxx

    I was being sarcastic — real men write iOS apps in Objective-C as opposed to Swift :I

Sign In or Register to comment.