Apple is obliged to comply with the new “Strong Customer Authentication” (SCA) requirements, which were introduced in the form of new legislation on December 31, 2020, so iOS apps will have to tighten their security and add extra verification steps before online purchases can be completed. Developers will have to ensure that their apps implement StoreKit and Apple Pay correctly and that SCA is properly supported.
The EU has introduced anti-fraud measures to protect users from falling victim to fraudsters or losing money to hackers who have somehow gained access to their accounts or devices. In this context, certain transactions that involve credit or debit cards, Apple Pay, and other electronic forms of payment will now have to be authenticated by the bank or the payment service provider. This extra step is added for safety, but it will inevitably make the process a little more cumbersome for users, as they will have to approve and confirm the transaction.
As Apple explains, there are specific transaction types that should pass through the SCA system, while others are excluded as shown below:
From now on, for transactions that must comply with the SCA requirements, users will be taken out of the purchase flow and onto the bank or online payment service platform to authenticate their card or account. This is an interruption, but it strengthens the security of these payments, making it impossible for unauthorized users to engage in transactions using other people’s money.
Apple Pay already includes a built-in authentication system. Still, developers who are incorporating the system into their apps will have to ensure that the correct two-letter country code is used on payment requests.
Also, the final amount should be shown on the payment sheet, not the pending one. This helps in dynamic linking and proves the transaction’s origin and authenticity by including the merchant identifier and the actual amount in the cryptogram.
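The two Apple Pay points above can be checked before the payment sheet is presented. The following Swift sketch is an added example, not code from Apple or from the original article; the `SCARequestIssue` type, the `scaIssues(in:)` function, and the merchant identifier and amounts are constructed for illustration.

```swift
import Foundation
import PassKit

// Hypothetical issue type for this example (not part of PassKit).
enum SCARequestIssue: Equatable {
    case missingMerchantIdentifier
    case invalidCountryCode(String)
    case noSummaryItems
    case pendingTotal(label: String)
}

// Pre-flight check of a PKPaymentRequest against the two requirements
// described above: a valid two-letter country code and a final total.
func scaIssues(in request: PKPaymentRequest) -> [SCARequestIssue] {
    var issues: [SCARequestIssue] = []

    // The merchant identifier goes into the cryptogram, so it must be set.
    if request.merchantIdentifier.isEmpty {
        issues.append(.missingMerchantIdentifier)
    }
    // ISO 3166 two-letter codes are upper case ("DE", not "de" or "DEU").
    if !NSLocale.isoCountryCodes.contains(request.countryCode) {
        issues.append(.invalidCountryCode(request.countryCode))
    }
    // PassKit treats the last summary item as the grand total; it has to
    // be .final so the amount the user approves is the amount charged.
    guard let total = request.paymentSummaryItems.last else {
        issues.append(.noSummaryItems)
        return issues
    }
    if total.type == .pending {
        issues.append(.pendingTotal(label: total.label))
    }
    return issues
}

// Constructed sample request; every value below is a placeholder.
let request = PKPaymentRequest()
request.merchantIdentifier = "merchant.example.placeholder"
request.countryCode = "de"   // wrong on purpose: lower case
request.currencyCode = "EUR"
request.paymentSummaryItems = [
    PKPaymentSummaryItem(label: "Subscription", amount: NSDecimalNumber(string: "9.99"), type: .final),
    PKPaymentSummaryItem(label: "Example Shop", amount: NSDecimalNumber(string: "9.99"), type: .pending)
]
print(scaIssues(in: request))
```

Running the check in debug builds or unit tests catches a lower-case country code or a pending total before a bank rejects the authentication.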