Stripe integration - PCI compliance 11/2019

Changes to how you capture card details over the phone & face to face

Written by Owen Chapman
Updated over a week ago

To comply with the new SCA regulations coming into force, it is now mandatory to identify how card data is captured so that it can be authenticated and processed securely.

The good news is that Clubmate will do this automatically for you via our upgraded integration with Stripe.

And for most clubs, whose members go online to add their card details, there are no changes at all. 

However, clubs that capture card details over the phone, via post or face to face, and need to manually enter card information into Clubmate, will see some process changes. This is because Stripe isn't able to verify that you are keeping this information secure, which means that you will become responsible for ensuring that you protect your customers' card information in accordance with PCI compliance requirements.

To help you understand what action you need to take (if any), we've broken down the card capture methods and the relevant actions for each below:

Online 

If your members are entering their card details online via the member portal, then there is no change. You do not need to do anything and can continue, business as usual.

Face to Face

If you wish to capture card details face to face, Clubmate will now prompt you to share the screen with the cardholder so that they can add the details themselves. 

If you do not want to share the screen with the cardholder and would prefer to key the card details directly into Clubmate yourself instead, then you will become responsible for protecting your customers' card information in accordance with PCI compliance requirements. Should you want to do this, you must obtain approval from Stripe first.

Offline - post / phone

If you wish to capture card details via phone or post and then key them into Clubmate directly, then you will become responsible for protecting your customers' card information in accordance with PCI compliance requirements. Should you want to do this, you must obtain approval from Stripe first.

By default, clubs will be set as non-MOTO (Mail Order & Telephone Order) ready and will therefore be unable to key the card details into the system manually until they have received approval from Stripe.

Recommendation

We strongly recommend that you request members to add their card details online themselves. It is more secure, both for you and for your member. Should you need to capture the card details face to face then make sure that the member adds the details themselves. This removes the need for you to become PCI compliant and gain approval from Stripe.

If your organisation has a need to capture card details offline & without the member adding them in the system directly then please be aware that you will become responsible for protecting your customers' card information in accordance with PCI compliance requirements. You will also need to obtain approval from Stripe and then update the relevant settings in Clubmate, confirming that you have received the necessary approval.

How to obtain approval from Stripe

Once you're confident that you are able to protect your customers' card details in accordance with PCI compliance requirements, please contact Stripe directly so that they can enable your account. You can do this via your Stripe Dashboard or their Support Team.

What to do once you’ve obtained approval from Stripe

Once you have received approval from Stripe, you will need to log in to Clubmate, go to Integrations and then click on Set Up to configure your Stripe account. You can find a help article showing you how here 

FAQs

The member added their card details online, can I still process a payment against their card over the phone?
Yes. These new regulations relate to how the card data was originally captured not how a payment is processed. So if they have added their card details online and then requested a payment to be processed against their stored card over the phone or face to face, then that is absolutely fine and unchanged.

When does this change come into force?
Now. Clubmate is compliant with SCA regulations with immediate effect. 

Can I change a member's card details remotely?
No, not unless you are PCI compliant. We recommend that they update their own card details online via the member portal.

How do we become PCI compliant?
Please refer to Stripe for any guidance on becoming PCI compliant. 
