Note: Version 2.1 of Paid Memberships Pro is out with SCA support for the Stripe gateway integration, along with other bug fixes and enhancements. Please read the full release notes for more information. Last Updated: September 15, 2019

Paid Memberships Pro v2.1 BetaOur v2.1 Release Candidate 1 is now available and includes SCA updates for the Stripe gateway. This update includes a major overhaul to our Stripe gateway, which now uses the Stripe Elements and PaymentIntents APIs.


You can begin the testing process now and ensure there will be no issues with your membership site’s compliance when the SCA regulation is in place.

We plan to push this release to the WordPress.org repository on September 13, 2019. You will then be able to upgrade automatically from your WordPress dashboard.

We are actively working on a v2.2 release, containing the SCA updates for PayPal Website Payments Pro and Braintree. We hope to push that release as soon as possible this month.

Other gateways either don’t require SCA updates or will be addressed later.

Continue reading for more details on how each gateway is specifically handling the SCA requirements and other frequently asked questions.


What is Secure Customer Authentication or SCA?

Jessica wrote up a primer on SCA (a.k.a. PSD2, a.k.a. 3DS) a little while back. In general, 3-D Secure™ (3DS) is a payment authentication protocol that authenticates a card holder through their card issuer. Transactions that have been validated through 3DS are less likely to be fraudulent, meaning fewer chargebacks for you as the merchant and more protection for your customers and their payment data. Full SCA regulation will go into effect for EU on September 14, 2019, although several countries such as UK and Germany have extended the deadline following the European Banking Authority’s recommendation.

Stripe is maintaining a list of national regulators that are postponing the SCA enforcement date for select banks and payment providers. Please refer to the article for official public statements from each national regulator related to their enforcement timeline.


SCA Compliance and Your Primary Gateway

The sections below provide more details for each payment gateway that we integrate with. Find your primary gateway in the list below to see how this upcoming regulation will affect your membership site.


Stripe

We have updated PMPro to work with Stripe.js v3 and Stripe Elements. This move not only handles immediate SCA challenges, but also sets us up for further improvements in our Stripe integration. The v2.1-Beta2 includes these updates and can be tested now. We do not recommend using this prerelease on production websites.

To make sure you are ready, carefully test this prerelease on a staging site, update PMPro when the full 2.1 release is launched, and update Stripe to use the latest version of their API in the Stripe dashboard. Remember to take necessary precautions when setting up a staging site as activity on a staging site can impact your live site data. This article by Andrew covers how to safely use PMPro in a staging environment.


Braintree

We are in the process of updating our integration with Braintree to support their SCA implementation. We will release a v2.1-Beta3 when the Braintree updates are ready to test.

3DS 2.0 is enabled on all Braintree sandbox accounts by default. Non-EU merchants will have to contact Braintree to enable 3DS 2.0 for production accounts.

To make sure you are ready, confirm your 3DS 2.0 setup in your Braintree account, and update PMPro when the full 2.1 release is launched.


PayPal Website Payments Pro

We are in the process of updating our integration with PayPal to support their SCA implementation for Website Payments Pro. We will release a v2.1-Beta3 when the PayPal updates are ready to test.

To enable SCA for Website Payments Pro, you will have to:

  1. Register a Cardinal Commerce account.
  2. Enable 3D Secure from the Memberships > Settings > Payment Settings tab in the WP Dashboard.
  3. Copy the required Cardinal Commerce data fields and paste them into the settings in PMPro.

We will publish more detailed steps before the full v2.1 release. Please see PayPal’s SCA guide for more information.


PayPal Payflow Pro

We are in the process of updating our integration with PayPal to support their SCA implementation for Payflow Pro. We will release a v2.1-Beta3 when the PayPal updates are ready to test.

To enable SCA for Payflow Pro, you will have to:

  1. Register a Cardinal Commerce account.
  2. Enable 3D Secure from the Memberships > Settings > Payment Settings tab in the WP Dashboard.
  3. Copy the required Cardinal Commerce data fields and paste them into the settings in PMPro.

We will publish more detailed steps before the full v2.1 release. Please see PayPal’s SCA guide for more information.


PayPal Express

Since PayPal Express checkout happens mostly on the PayPal side, there are no required updates to the PMPro code or your site. Users checking out with PayPal may receive an SCA challenge in PayPal. We strongly recommend reviewing the changes to the v2.1 release and updating your version of Paid Memberships Pro when the full release is published.


PayPal Standard

Since PayPal Standard checkout happens mostly on the PayPal side, there are no required updates to the PMPro code or your site. Users checking out with PayPal may receive an SCA challenge in PayPal. We strongly recommend reviewing the changes to the v2.1 release and updating your version of Paid Memberships Pro when the full release is published.


Authorize.net

Initially, Authorize.net released a notice that recommended users with EU customers migrate to Cybersource to support SCA requirements. We instead suggest you take this opportunity to migrate to Stripe if you are able.

Currently, Authorize.net has announced support for Cardinal Commerce. The details of implementing Cardinal Commerce support for Authorize.net are similar to the updates we are doing for PayPal Website Payments Pro and Payflow Pro, but we have not yet started work on this integration.

If we are able to, we will include this support in the v2.1 release by September 14, 2019, but we may not hit that date for the Authorize.net updates. We will push a point release update as soon as possible.


Cybersource

Our Cybersource gateway is not a heavily used option for our plugin’s user base. We are evaluating updates required to support SCA and Cybersource in general.


2Checkout

Since 2Checkout checkout happens mostly on the 2Checkout side, there are no required updates to the PMPro code or your site. Users checking out with 2Checkout may receive an SCA challenge in 2Checkout. We strongly recommend reviewing the changes to the v2.1 release and updating your version of Paid Memberships Pro when the full release is published.


Check this Article for Future Updates

We will continue to update this article and the documentation for each gateway we offer over the next several weeks. If you have specific questions about your site and SCA regulations, please reach out to us via the contact form. Developers can follow the updates on the v2.1 branch of our GitHub repository.


The current list of v2.1 RC1 changes is detailed below:

      • FEATURE: Updated Stripe integration to support Stripe v3, Stripe Elements, and their Secure Customer Authorization process.
      • FEATURE: Updated how we store prices to support up to 8 decimals (e.g. for Bitcoin gateway implementations).
      • ENHANCEMENT: Improved error messaging on the update billing page when a gateway doesn’t support it or the user’s current membership doesn’t have a subscription.
      • ENHANCEMENT: Added a pmpro_is_checkout() function that will return true if on the PMPro checkout page or a page with the PMPro checkout shortcode or block.
      • ENHANCEMENT: Showing a warning message when a user about to be deleted has a membership so admins know that existing subscriptions will be deleted at the gateway.
      • ENHANCEMENT: Added a pmpro_braintree_plan_id filter in case you need to adjust plan IDs. This is useful if you have several sites running on the same Braintree account.
      • ENHANCEMENT: Added a pmpro_num_expiration_years filter to adjust the number of years to include in the dropdown to set the year membership will expire.
      • ENHANCEMENT: Tweaked the UI of the orders list and members list in the dashboard.
      • ENHANCEMENT: Added pmpro_membership_levels_table_extra_cols_header and pmpro_membership_levels_table_extra_cols_body hooks to add columns to the members list.
      • ENHANCEMENT: Showing notices to admins when categories are hidden from them on the frontend of the site.
      • ENHANCEMENT: Added a pmpro_url filter to filter URLs returned from that function.
      • ENHANCEMENT: Adding a pmpro_checkout_gateway-stripe or pmpro_checkout_gateway-paypal etc. CSS class to the wrapping div for payment fields to aid in styling.
      • ENHANCEMENT: Using the site’s date format option when printing orders.
      • BUG FIX/ENHANCEMENT: If a site has no paying levels, the test gateway will show as the “Default” gateway and we will no longer show a message about requiring gateway setup on the checkout page.
      • BUG FIX/ENHANCEMENT: Updated Russian Ruble definition to have 0 decimals and use a non-breaking space as the thousands separator. (Thanks, Airat Halitov)
      • BUG FIX/ENHANCEMENT: Using add_query_arg when generating IPN URLs to avoid issues on sites that aren’t using pretty permalinks or have moved their admin directory.
      • BUG FIX/ENHANCEMENT: Fixed issue on advanced settings page where clicking on labels didn’t check the corresponding check boxes.
      • BUG FIX/ENHANCEMENT: Updated our pmpro_generateUsername() function to be a bit smarter.
      • BUG FIX/ENHANCEMENT: Now using wp_generate_password() when choosing a random password for a user (e.g. when using the Sign Up Shortcode add on or the $skip_account_fields global).
      • BUG FIX/ENHANCEMENT: Setting autocomplete to false on the “fullname” honeypot field. This will prevent user’s with certain autocomplete tools from accidentally filling it out.
      • BUG FIX/EHNANCEMENT: Now sending name and email fields to PayPay (using Website Payments Pro) even if no address was captured.
      • BUG FIX/ENHANCEMENT: More specific CSS selectors for checkout form elements to make sure errors are highlighted/etc with different themes.
      • BUG FIX: Fixed issue where the first 2000 or so orders might be skipped when exporting orders on large sites.
      • BUG FIX: Fixed issue with setting custom trials on discount codes.
      • BUG FIX: Fixed issue in the SQL query in the pmpro_calculateInitialPaymentRevenue() function. This function is deprecated, but still used by some custom code.
      • BUG FIX: Fixed issue where default templates would fail to load if a custom template was specified.
      • BUG FIX: Fixed fatal errors that could happen when using the PMPro REST API endpoints.
      • BUG FIX: Fixed bug where the invoices page would sometimes show data for the current (admin) users instead of the user the invoice was for.
      • BUG FIX: Fixed bug where the membership stats graphs would sometimes show up blank.
      • BUG FIX: Now falling back to using readfile() if fpassthru() doesn’t existing.
      • BUG FIX: Fixed issue where the from name and email were not set properly if the Only Filter PMPro Emails setting was checked. (Thanks, mjulian87 on GitHub)
      • REFACTOR: Moved JavaScript out of pages/checkout.php and other places into files in the /js/ folder. This will avoid issues where other JS at checkout breaks PMPro checkout and will improve compatibility with tools that optimize JS.
      • REFACTOR: Added unit testing and a started on coverage of some functions in includes/functions.php. (Thanks, Mike Auteri)
      • REFACTOR: The JS function askfirst is now prefixed as pmpro_askfirst.

This entry was posted by Jason Coleman in Release Notes and tagged . Bookmark the permalink. Last updated: September 10, 2019. Titled SCA Compliance for PMPro v2.1: Download the Initial Beta Release and Read the Setup Guide

Comments (14)

Thank you for this detailed post. Does PMP have a demo site that has this update implemented so we can test out these features before doing our own updates? I would really like to see v3 of Stripe beforehand.

We don’t have a public demo. I will try to mock up some screenshots for you at least. In this release, we are trying to have the checkout process match as much as possible the way it was in PMPro 2.0 and earlier.

There are some neat things we can do with Stripe v3, but we’re holding off on those.

The payment fields are displayed in an iframe and so for technical reasons will look a little bit different than they do now.

The authorization process happens mostly in a popover which is just mocked up in our testing. I don’t know what a real live authorization will look like. It will be different depending on the bank behind the credit card and other things. During testing, we see a simple screen with buttons to pass or fail the test.

I hope this helps.

We have plugin auto-update enabled on our site using Jetpack. Does this mean our site will automatically be updated with this beta release or is this beta release a manual update only?

Hi, Josh. We just published the Beta2 release, which includes bug fixes for our Stripe edits. We have some “quality of life” type edits we are planning to do yet and more edge case (integrating multiple of our add ons in custom ways) testing to do.

We plan to release a Beta3 tomorrow with updates for Braintree and PayPal and the official v2.1 release with whatever we have ready on Thursday. Thanks.

Hello,

We are adjusting the date a lot. The plugin must be updated before September 14, according to Stripe.

If it is not updated we will lose all subscribers.

It is urgent.

Thank you,

Hello,
It’s September 12th, the new regulation comes into effect on September 14th.
I have a warning message in the Stripe Dashbord inviting me to comply by September 14th.
When do you expect the official update? it becomes very urgent!
100% of my clients are in Europe !

Leave a Reply

For faster support related to issues on your specific site please open a ticket in our members support area.

Your email address will not be published. Required fields are marked *