The simplest method for Non-profit Fundraising Software Users to comply with SCA (Strong Customer Authentication) for Stripe

Whether you are a small non-profit organization or you are a pro fundraiser, one of the major challenges every organization faces is that of security. Even though non-profit fundraising software  solutions nowadays are equipped with some of the best payment gateways, fraud and data security always sit on the top of the list of concerns for many fundraisers.

One of the Solution Engineers and Ruby on Rails developer, Arkit Agarwal from GammaStack, who is equipped with more than 2 years of experience in the IT industry recognized this challenge and came up with an easy solution to help fundraisers tackle this issue head-on. The solution is ideal for charity donation platforms or non-profit fundraising software solutions that carry out heavy online transactions.

If your fundraising model is based on EEA (European Economic Area) and you make use of a lot of online transactions, then you might be aware of SCA. SCA stands for Strong Customer Authentication that has been enforced in Europe as a part of PSD2 regulation from 14 Sept 2019.

To help organizations comply with these regulations, Stripe, which is one of the most popular and well-documented payment gateway has pushed in some modifications in their existing APIs. For more information, you can visit the following links: 

https://stripe.com/docs/strong-customer-authentication

https://stripe.com/en-in/guides/strong-customer-authentication

Several non-profit fundraising organizations have faced similar issues with their existing payment gateways in the past and hence, to help non-profits secure their platforms, Arkit modified the Stripe integration so that organizations can easily comply with SCA.

This article provides all the crucial information and code pieces that will help the organization avoid this roadblock without any hassle.  

Since Arkit is a Ruby on Rails developer, all the code pieces are in Rails format. This step-by-step tutorial assumes that you are already using a Stripe payment gateway, Charges API for payment transactions and also have a basic understanding of Stripe and its API keys.

So let’s begin!

• There are two basic processes of online transactions, which are

1. To directly charge the provided card/s. 
2. To store them to be charged later.

• For both of these processes, Stripe has provided two new APIs,

1. Payment Intent API for taking a one-time payment. 
2. Setup the Intent API for getting the card stored for future transactions.

• In order to get access to these APIs, you must first update your currently existing stripe library or Gem to its latest version and that can be done simply by running the following command in the console:

bundle update stripe

Now let us talk about the processes leading to the migration and integration of the Payment Intent API for a one-time payment transaction first.

• First of all, you need to generate an intent to accept payments on the server-side. This can be done by using
  @payment_intent = Stripe::PaymentIntent.create({amount: xx, currency: ‘abc’})
  *Amount and currency can be dynamic depending on the scope of the application. 
• Now after creating a payment intent on the server-side, we need to pass this intent to the client-side stripe Javascript which will actually do all the heavy lifting for us.

stripe.confirmCardPayment(
 INTENT_SECRET_FROM_STEP_1,
  {
    payment_method: {card: cardElement}
}).then(function(result) {
if (result.error) {
    // Display error.message in your UI.
  } else {
    // The payment has succeeded
    // Display a success message
  }
});

• In your existing integration is the Charges API. The final step is to use the tokenized payment information to create a charge on the server. But with Payment Intent API, this is no longer required as confirmCardPayment() method called in previous step already initiated the charge.
• Now the last step is to monitor the payment_intent.succeeded handler. If it evaluates to true, then it means that the charging is succeeded and you must go on and fulfill the customer’s order. 
  Now let us quickly move to the processes of migration and integration of the Setup Intent API for securely storing the cards for future transactions
• To save the card for future transactions and to get the card SCA security while saving it, Stripe has introduced the SetupIntent API. It does not require a lot of effort to implement it, just a few lines of code. Firstly, we need to create the setup_intent on the server-side as we did in the last section for the payment intent.
  @setup_intent = Stripe::SetupIntent.create
• Now in the second step, we just need to pass this setup intent’s client secret to the client and use the confirmCardSetup functions instead of createToken function(used with Charges API). If authentication is required, then the confirmCardPayment method will automatically prompt the user for it.

stripe.confirmCardSetup(
clientSecret,
  {
     payment_method: {
       card: cardElement,
      billing_details: {name: cardholderName.value}
   }
     }
   }
).then(function(result) {
   if (result.error) {
    // Display error.message in your UI.
   } else {
     // The SetupIntent was successful!
  }
});

• If the confirmCardPayment method succeeds, then the setupIntent.payment_method will come up with a payment method that you can attach to any customer payment profile and save it to your database in order to use it to charge him later.
• In order to charge a customer later, you must first attach the payment_method generated in the above step to a customer. Here are code lines-
  customer = Stripe::Customer.create({
    payment_method: intent.payment_method,
  })
• Now we have a customer that has an authenticated setup_intent payment method attached to him while storing the card. When this user is charged off session, the system will not ask for a 3D security check again which might sometimes as well depend on banking regulations. We can charge the saved customer with SCA regulation using payment intent as we did earlier in the previous section of the doc with some extra lines of code added to it. For more information on how to use save cards, you can visit the following link “https://stripe.com/docs/payments/save-and-reuse”.
• Last but not the least, for the payment form view if you need a faster migration, you can use direct SCA supported payment form, iframe provided by stripe itself or you can simply design and customize your own payment form with Stripe js.
  The above solution by Arkit Agarwal has helped several non-profit organizations and charity donation platform owners working with GammaStack in achieving security and data protection in their online transactions. 
  When it comes to a non-profit fundraising software or a charity donation platform, one of the most crucial aspects is handling donations/payments. The above method developed by Arkit Agarwal not only helps fundraisers achieve security and data protection across their platforms but also helps in complying with SCA.   
  GammaStack is a non-profit fundraising software solution provider that comes equipped with several features and tools. These features include volunteer and donor management, marketing tools, analytics and reports, multiple software integration, leaderboards, branding tools, admin dashboards, diverse payment gateways, support center and many more. 
  Want to get your hands on a feature-rich charity donation platform, non-profit fundraising software, best donor management software or team fundraising software solution? 
  Contact GammaStack today!

About the author:
Arkit Agarwal,
Ruby on Rails developer at GammaStack