Have you ever noticed, you’ve used credit or debit cards in order to pay for something in real life, and been through the seemingly very rigorous process of inserting a chip reader and then authenticating payment by entering a PIN code. But then you buy something online with the same card and it never asks you for your card’s PIN, and instead asks you for maybe a CSV?
Why is the security different for real-life purchases than for online transactions?
Online identity theft is shockingly common. According to an article of the Insurance Information Institute, credit and debit card identity theft accounted for over half of identity theft in the US in 2018. A significant proportion of that was strictly online.
This is enough of a problem for the European Union to have taken notice and implement new standards to combat.
SCA, or Strong Customer Authentication, is essentially a two-factor authentication standard for payment processing online. It’s expected that other economic regions will follow the EU with similar policies over time.
The scope of this problem is truly vast though, and the nature of even knowing about the true extent of how bad it is can quickly get vague.
For instance, it is demonstrably true that credit card details can be purchased in bulk on the dark web. There are even databases out there that systematically collect these payment details through various nefarious means and are willing to sell said details to identity thieves in large quantities. We don’t want you to be the next victim.
Digital Samba is an early adopter in SCA and verified ID transaction. This is because we take your information very seriously. Our goal has been to create a platform for our users to collaborate online in the best, most natural and efficient way possible.
That's why we have already implemented and rolled out EU-compliant SCA standards on our website ahead of time. We trust in our partner Stripe to handle all payments on digitalsamba.com and we are now using Stripe's secure Strong Customer Authentication (SCA) compliant processes.
We have always been strong advocates for privacy and data-integrity, whether that be in the form of encryption features we have developed, or in self-hosting options that we keep available, or in our technical support staff. The point of transaction should be as verifiably secure as technically feasible. We are completely on-board with this new security initiative, as we will be with any future initiative that helps keep our users secure.
SCA requires more stringent control on the verification of your persona, affiliation and ownership of your credit card. This control is usually carried out by your bank or credit card institution. In some cases, it may require you to re-authenticate already active subscriptions. Digital Samba will send you an email notification if we fail to process a payment because it was rejected by your bank. We'll even send you a series of reminder emails before stopping your service, so you'll always be able to enjoy a seamless Samba Live experience.
As always, our commitment to integrity does not come by compromising our design elegance and user experience. While the design flow for our transaction will necessarily be changed, using SambaLive will remain to feel natural and make sense.