Stripe, The payments powerhouse, which is now valued at $ 22.5 billion, has made an acquisition to help it prepare for new regulations in Europe that will be implemented later this year to improve security in online transactions. It has acquired Touchtech Payments, an Irish startup that works with banks to help them build and manage Strong Customer Authentication, a verification process that will typically require customers to provide two different forms of cardholder authentication to process. transactions. SCA will be required for most transactions in Europe starting on September 14 this year.
Additionally, Stripe is updating its APIs, partly in line with these changes. This will include a new default payments API, a new payment process, and updated billing.
The financial terms of the acquisition are not being disclosed. Touchtech had raised less than $ 500,000, according to data from Pitchbook, and will operate out of Stripe’s Dublin offices.
SCA is part of PSD2, a broader payments directive that has been implemented across Europe. The basic idea is that, starting in September, people purchasing items will be required to provide two forms of verification when transacting online, for example by entering a code from their phones or another connected device such as a handheld device; a biometric scan; or a separate PIN. But there are also a number of exceptions, for example purchases under € 30 and recurring billing around subscriptions are exempt, as are transactions with merchants that a customer can add to a whitelist. That makes putting SCA in place and running it quite complex.
John Collison, Stripe’s co-founder and president, said a similar directive implemented in India had a chilling effect on the market after it was mishandled.
“There was a 25 percent drop in sales overnight when the changes took effect in India,” he said in an interview. “So we think SCA is big business. It’s European in scope, and not an option. People are sleeping on it, and they’re not getting as much dialogue as they deserve.”
Interestingly, the acquisition will mark an interesting change for Stripe, which has been built on connections with merchants and other customers who accept digital payments for goods and services: Touchtech interacts with banks and others who handle card payments, which means it will be the first. Once Stripe is developing a service that is not aimed at merchants, but at banks. Collison said this does not mark a major shift in Stripe’s strategy, but rather a consequence of the complexity that will need to be managed – something that banks and cardholders, not merchants, will need to address. “You don’t read too much on this!” He told me.
Touchtech’s current clients include so-called “challenging” banks like N26 and fintech startups like Transferwise, so it will be interesting to see how and if the alignment with Stripe will broaden that scope to cover the biggest providers.
“We have high ambitions for Touchtech,” Collison said.
Stripe’s API updates, Collison said, are mainly due to the SCA account and the triggers that will affect verification, and also how these will impact other parts of the payment stream, such as how the payments will work. payments with Apple Pay and Google Pay. Stripe notes that it is not mandatory for those using current Stripe APIs to update immediately, although those doing business in Europe will eventually need to do so anyway. “WWhen major regulatory changes are introduced in a new market served by Stripe, the Payment Attempts API will allow merchants to update their payment streams seamlessly, significantly reducing the burden of migrations for merchants, ”Stripe notes.
Meanwhile, the checkout process will also automatically handle SCA requirements for merchants, Stripe said. It will be customizable to account for repeat purchases versus one-time purchases.
The upgrade to billing, Stripe said, will now automatically identify which purchases will require SCA and trigger subsequent scripts. This will mainly affect those companies that accept recurring payments, for example, for subscriptions.
In the long term, while this is a European directive, other countries like Mexico and Australia are also considering similar regulations. Given that fraud is a growing problem, this is likely not the end of the story on how customers, banks, merchants, and companies like Stripe who have operated in their simplicity manage to add more tools like this under the hood.