Preparing for Strong Customer Authentication

We’ve been putting a lot of time into some updates that will be largely invisible to many of our customers. My very least favorite kind of feature! ;)

You can read all about Strong Customer Authentication on this excellent writeup on Stripe’s website.

In short, it’s a requirement for our European customers, that a secondary authentication is in place for credit card purchases. In the same way you can have two factor authentication for a website with both a login and and a text message code, once SCA is fully implemented/enforced when consumers in the European Union use their credit cards, they’ll have to enter in a secondary form of authentication, except where exemptions apply.

We’ve been working on updating our integration with Stripe, so that our European customer are compliant with the Payment Service Directive (PSD2). Customers that fall within the scope of this directive, and who use our payment forms, will automatically have secondary authentication in place, while transactions that take place within the admin side of the Tula system will be marked appropriately as an exemption.

It’s worth reading the Stripe write-up about all this as there are a variety of payment types that take place on the Tula system that are exempt, such as small payments (~$30), membership payments, and payment from saved cards.

The SCA requirements officially take place on September 14th, 2019 however per Stripe, “the European Banking Authority published new guidance on 21 June 2019, which allows national regulators to postpone the SCA enforcement date for select banks and payment providers.”

While Stripe is expecting a phased in approach to the enforcement of the new requirements, we’re still proceeding with our plan to be ready in the middle of September. We’ll continue to post updates as we make our final updates.

One important note: our iOS app will continue to operate with the current stripe API and therefore won’t have the secondary authentication according to these new directives. Payments within the Admin app are considered exempt, however we won’t be marking them as such against Stripe’s new API. Customers in the European Union may see elevated levels of declined transactions in the iOS app depending on the enforcement rollout.

For your students, we recommend that our European customers begin distributing the student mobile web apps that come with every studio. ( and cease distributing the native iOS app.

While I joked at the beginning of this post about it being largely invisible, the truth is we have a new foundation upon which many more visible features will soon appear.

As always, if you’re a Tula customer and have any questions, get in touch with us through our support channel!