Docs Home
Dev Essentials
PaymentsCommerceCustomersStaffMerchants
Publish
Release notes

Docs

Docs Home
Dev Essentials
Payments
Commerce
Customers
Staff
Merchants
Publish
Release notes
Overview
Build a Tip Report
Split an Online Payment
Build a Sales Report
Delayed Capture
Partial Payments
Statement Descriptions
ACH Bank Transfer Payment
Afterpay and Clearpay Payments
Cash App Payments
Cash Payments
External Payments
House Accounts
Collect Application Fees
Update Payment and Tip Amounts
Retrieve Payments
Troubleshoot
Webhooks
Refund Payments
Refund a Payment with an App Fee
Retrieve Refunds
Process an Unlinked Refund
Webhooks
Process Disputes
Test in the Sandbox
Quickstart
Take Payments
POS App Pairing with Square Terminal
Dismiss Terminal Checkouts and Refunds
Monitor Square Terminals
Manage Terminal Actions
Save Card on File
Check Device Information
Print or Issue Receipts
Customize the Idle Screen
Confirmation Screen
Signature Capture Screen
Data Collection Screen
Menu Selection List Screen
QR Code Screen
Link and Dismiss Actions
Refund Interac Payments
Take E-Money Payments
Take PayPay QR Code Payments
Authorize the Mobile Payments SDK
Pair and Manage Card Readers
Take a Payment
Offline Payments
Handling Errors
Authorize the Mobile Payments SDK
Pair and Manage Card Readers
Take a Payment
Offline Payments
Configure for Square Stand
Handling Errors
Migrate from Reader SDK
Get Credentials
Configure the Sample Application
Take a Cash Payment
Customize the Checkout Amount
Take a Credit Card Payment
How It Works
Build on Android
Build on iOS
Connect a Contactless Reader
Charge a Card on File
Save a Card on File
Configure on iOS for Square Stand
Deauthorize Reader SDK
Capture a Transaction
Delay the Capture of Payments
Configure APK Splits
Update to New Reader SDK Version
Flutter Plugin
React Native Plugin
How It Works
Build on Android
Build on iOS
Build on Mobile Web
Find Your Android Fingerprint
Use the API in Offline Mode
Add an Alert Dialog Helper Class
Accept E-Money Payments
Accept PayPay Payments
Mobile Web Technical Reference
Payments API Integration
Take Payments Online
Web Payments SDK
Quickstart
Clone the Quickstart Project Template
Add the SDK to the Web Client
Verify the Payment
Add Strong Customer Authentication
Deploy the Application
Take a Card Payment
Apple Pay
Google Pay
Digital Wallet Payment Requests
ACH Bank Transfer
Afterpay
Cash App Pay
Take a Gift Card Payment
Take Partial Payments
Customize the Card Entry Form
Add SCA to a Card Payment
Store Card on File with SCA
Charge Card on File with SCA
Charge and Store Card on File with SCA
Set up the Client
Deploy the Server
Install the SDK
Build on Android
Build on iOS
Google Pay
Apple Pay
Enable SRC for Android
Enable SRC for iOS
Localize an Application
Gift Card Payments
Flutter Plugin
React Native Plugin
Customize the Payment Entry Form
Connect to a Backend Service
Remove the Postal Code Requirement
Troubleshoot
How It Works
Verify a Buyer
Quick Pay Checkout
Square Order Checkout
Subscription Plan Checkout
Checkout Settings
Checkout Configurations
Manage Checkout
Guidelines and Limitations
Subscription Plans and Variations
Manage Subscriptions
Subscription Actions and Events
Pause, Resume, or Cancel Subscriptions
Subscription Billing and Invoices
Swap Subscription Plan Variations
Create and Publish Invoices
Retrieve, List, or Search Invoices
Create or Delete Invoice Attachments
Update Invoices
Cancel or Delete Invoices
Pay or Refund Invoices
Walkthrough: Create and Publish Invoices
Manage Cards
Create a Card on File from Payment ID
Create a Card on File and Make a Payment
Create a Shared Card on File and Make a Payment
List Payouts
Get Payout
List Payout Entries
Bank Accounts
How It Works
Build with Mobile Authorization
Get Authorization Code on Command Line
Payment Methods by Country
Payments Pricing
Strong Customer Authentication
Payment Minimums

/

Payments

/

Take Payments Online

/

Web Payments SDK

/

Quickstart

Add Strong Customer Authentication

Applies to: Web Payments SDK | Payments API

Learn how to add Strong Customer Authentication to the application in the Web Payments SDK quickstart project.

Overview
Link to section

Overview

To add security to the payment method, add the Strong Customer Authentication (SCA) security protocol layer to the application and verify the identity of the payment card holder by using the verifyBuyer function.

Important

Your application should always attempt to create a payment with a verification token when a token is returned. It should also be prepared to respond to a payment failure in a small number of cases where a payment is rejected despite receiving a buyer verification token.

  1. Update the storeCard function to take the verificationToken parameter.

  2. Define the verifyBuyer function with billing contact details after the displayResults function.

    Your production application should collect the billing address of the buyer. Although providing an empty billingContact is acceptable, by providing as much billing contact information as possible, you increase the chances of a successful authentication. This example uses an object that is declared with a hard-coded billing address. Your application might collect a billing address at payment time or, if the buyer is a customer on the seller Square account, from the buyer's customer record.

    Note

    The Web Payments SDK produces a payment token that can be used to make a payment with the presented card or to store the card on file. These operations are represented by two intents: CHARGE to make a payment and STORE to store the card.

    The code in the following steps adds the billing contact values needed by SCA (with the payments.verifyBuyer function) to verify the authenticity of the card holder.

    The verifyBuyer function creates a StoreVerifyBuyerDetails object that verifies a card to be stored on file and provides the buyer and purchase details needed by 3DS.

  3. Add the verifyBuyer function to the handleStoreCardMethodSubmission function and update the storeCard method call to include verificationToken.

  4. Test the application.

    1. Navigate to http://localhost:3000/ in your browser.

    2. Use one of the test cards in the following table with a challenge type of “Modal with Verification Code":

      BrandNumberCVVChallenge typeVerification code
      Visa4800 0000 0000 0004111No ChallengeN/A
      Mastercard5222 2200 0000 0005111No ChallengeN/A
      Discover EU6011 0000 0020 1016111No Challenge123456
      Visa EU4310 0000 0020 1019111Modal with
      Verification Code      		123456
      Mastercard5248 4800 0021 0026111Modal with
      Verification Code      		123456
      Mastercard EU5500 0000 0020 1016111Modal with
      Verification Code      		123456
      American Express EU3700 000002 010141111Modal with
      Verification Code      		123456
      Visa4811 1100 0000 0008111No Challenge with
      Failed Verification      		N/A

    After you submit, you see the following window where you enter the verification code:

    A graphic showing the SCA cardholder authentication window that appears when the verifyBuyer function is called.

  5. Verify that the application passed in the verification token with a successful response. Check the application's API log again in your developer account.

Note

You can see a complete code example using the Web Payments Quickstart on GitHub.

Link to section

Next step

On this page
OverviewNext step