As of the 14th September, 2019, Strong Customer Authentication (SCA) became a requirement in the EU for European merchants to sell to European customers. While the implementation of SCA has been partially delayed, it is expected to be fully enforced by New Years Eve 2020.
As of Chec's API version
2020-08-12, the Stripe gateway supports Strong Customer Authentication using the Stripe Payment Intents API. Here's a quick summary of what you need to do to support this:
After registering the Payment Method, continue with Commerce.js's
checkouts.capture() call and provide the payment method's ID as
payment[stripe][payment_method_id] in the payload.
If further verification is required for the transaction, Commerce.js will respond with a 402 "Payment Required" error and the following response body:
"message": "The specified payment method requires further verification",
If the response from Commerce.js was successful (20x response code) you can continue as normal, otherwise you will need to use Stripe.js to handle further verification. This is the step that shows a popup for the customer to verify themselves via phone, email, a number on the back of their card, etc.
After handling further verification with Stripe.js, it will give you a payment intent ID. You should now use this instead of the payment method ID, and re-submit your call to Commerce.js for
checkouts.capture() - the payload should now contain
The Chec API will verify the payment intent by this ID, confirm it, and respond as normal so you can complete your checkout.
We've written a blog post on implementing strong customer authentication with Stripe in your checkout which contains more in-depth examples.
You might also find the Stripe guide for implementing a synchronous card payment while finalizing on the server side useful. In this guide you can use Chec's "capture order" API with the notes above in place of Stripe's backend API example code.