Under the EU’s Revised Directive on Payment Services (PSD2), ExpressVPN is now required to authenticate credit cards through Strong Customer Authentication (SCA) to reduce fraud and make payments more secure.
This regulatory requirement affects customers whose card-issuing financial institutions are located in the European Economic Area.
For older customers, this means you will need to perform a one-time SCA step to authorize your payments when it’s time to renew your subscription.
For new customers, this means there will be an SCA step when you pay for your subscription for the first time.
My ExpressVPN subscription is up for renewal. How do I perform SCA for my credit card?
If you are an older customer, you will receive an email from us asking you to authenticate your credit card.
How to authenticate your credit card:
- Click the link in the email, which will take you to a page on our website.
- Click the button on that page, which will take you through your bank’s authentication system.
- Follow the instructions from your bank to complete the authentication process.
How do I know this is not a phishing email?
Phishing is a fraudulent attempt to gain sensitive data from you, like usernames, email addresses, passwords, and credit card details.
Phishing emails appear to be sent from legitimate institutions (e.g., companies, banks, the government). These emails try to direct you to their fake websites or phone numbers or get you to reply with your personal information.
You can verify the authenticity of our SCA email by doing any of the following:
- Contact the ExpressVPN Support Team to confirm that we did, indeed, email you
- Confirm that the domain for the destination URL of the link we sent you is expressvpn.com
If you’re worried about phishing emails, you can authenticate your credit card by signing in directly to your authentication page.