On December 31, new laws will come into force in the EU that will impact online shopping. Apple has now published a warning explaining how developers will be affected and what they need to do to prepare for the changes.
The European Union's Strong Customer Authentication (SCA) legislation comes into force on December 31, 2020, and means that developers who sell digital content in Europe will have to review some settings or make some changes. Apple points out that the App Store and Apple Pay work in accordance with SCA, but developers still have to review their app's implementation of StoreKit and Apple Pay. The company describes in detail what developers need to do for both. It says in a support document on the developer website:
Handling Transactions with StoreKit
For in-app purchases that require SCA, the user is asked to authenticate their credit or debit card, is redirected from the purchase flow to the bank or payment processor's website or app to authenticate, and then back to the App Store where they receive a message that their purchase is complete. Handling this interrupted transaction is similar to "Ask to Buy" purchases that require family approval or when users are required to agree to updated App Store terms before completing a purchase.
Make sure your app can handle suspended transactions properly by initializing a transaction observer that responds to new transactions and syncs pending transactions with Apple. This observer helps your app handle SCA transactions that can update your payment queue with a status of "failed" or "deferred" when the user leaves the app. When the user is redirected to the App Store after authentication, a new transaction with a status of "purchased" is immediately delivered to the observer and can contain a new value for the transactionIdentifier property. You can test suspended purchase scenarios in the sandbox for a specific sandboxed Apple ID.
Regarding Apple Pay, the company explains:
Apple Pay includes built-in authentication and does not require additional authentication from banks. However, to avoid issues with payments made with Apple Pay on your apps and websites, make sure you use the correct country code in payment requests and display the final amount on the payment sheet.
The countryCode value on the PKPaymentRequest (for apps) and ApplePayPaymentRequest (for websites) should be set to the correct two-letter country code for the country you are processing the funds in. Setting it correctly will ensure a PSD2 compliant cryptogram if the merchant's CountryCode and the user's card issuer are both within the EEA.
Show the final amount and not a pending amount on the payment sheet. This helps with dynamic linking, where the transaction amount and a merchant identifier are included in the cryptogram to prove the origin and authenticity of the transaction.
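The two Apple Pay points above can be checked before the payment sheet is shown. The following is an added example, not code from Apple or from the original article: `checkApplePayRequest`, the `EEA` set and the sample requests are hypothetical names and constructed values, while `countryCode`, `total.amount` and `total.type` are the fields of an ApplePayPaymentRequest.

```javascript
// Added example: pre-flight check of an ApplePayPaymentRequest-shaped object.
// checkApplePayRequest and EEA are hypothetical helper names (assumption).

// EEA members: the 27 EU states plus Iceland, Liechtenstein and Norway.
const EEA = new Set([
  "AT", "BE", "BG", "HR", "CY", "CZ", "DK", "EE", "FI", "FR",
  "DE", "GR", "HU", "IE", "IT", "LV", "LT", "LU", "MT", "NL",
  "PL", "PT", "RO", "SK", "SI", "ES", "SE", "IS", "LI", "NO",
]);

// processingCountry: the country the merchant processes the funds in.
function checkApplePayRequest(request, processingCountry) {
  const problems = [];
  const cc = request.countryCode;

  if (typeof cc !== "string" || !/^[A-Z]{2}$/.test(cc)) {
    problems.push("countryCode must be a two-letter uppercase country code");
  } else if (cc !== processingCountry) {
    problems.push(`countryCode ${cc} differs from processing country ${processingCountry}`);
  }

  // The amount shown on the sheet is what dynamic linking binds to,
  // so a "pending" total is flagged. An omitted type defaults to "final".
  const total = request.total || {};
  if (total.type === "pending") {
    problems.push("total.type is 'pending'; show the final amount");
  }
  if (typeof total.amount !== "string" || !/^\d+(\.\d+)?$/.test(total.amount)) {
    problems.push("total.amount must be a decimal string such as '9.99'");
  }

  return { ok: problems.length === 0, merchantInEEA: EEA.has(cc), problems };
}

// Constructed sample requests (not taken from any real merchant).
const sampleFinal = {
  countryCode: "DE", currencyCode: "EUR",
  total: { label: "Example Shop", amount: "9.99", type: "final" },
};
const samplePending = {
  countryCode: "de", currencyCode: "EUR",
  total: { label: "Example Shop", amount: "9.99", type: "pending" },
};

console.log(checkApplePayRequest(sampleFinal, "DE"));
console.log(checkApplePayRequest(samplePending, "DE"));
```
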
App Store purchases: There are exceptions that circumvent interruptions
Although the article is primarily aimed at developers, I would also like to give consumers a tip. Anyone who pays using App Store credit or a mobile phone bill will be able to complete the transaction without additional authentication. Alternatively, Apple Pay can also be stored as an active payment method in the App Store - provided that Apple Pay has already been set up. The intermediate step of authentication is therefore only necessary if a purchase is made directly using a credit card. It was also noted that transactions under 30 euros can probably be carried out directly, thus eliminating the need for additional authentication. (Photo by vladm / Bigstockphoto)