Skip to content
As powerful cross industry groups piled on the pressure, the UK’s Financial Conduct Authority (FCA) has published its response to the European Banking Authority’s Opinion on Strong Customer Authentication (SCA) under the revised Payment Services Directive (PSD2).
FCA bows to pressure and allows more time for Strong Customer Authentication
The Opinion is the EBA’s response to key industry questions about which authentication factors comply with the requirements for SCA.
The Opinion acknowledges the complexity of the payments markets across the EU and the challenges arising from the changes that are required, in particular by actors that are not payment service providers (PSPs) and, therefore, not directly subject to PSD2 and the EBA’s technical standards, such as e-merchants, which may lead to some actors in the payments chain not being ready by September 14, 2019.
The EBA, therefore, accepts that, in order to avoid unintended negative consequences for some payment service users after September 14, 2019, national competent authorities (NCAs) may decide to work with PSPs and relevant stakeholders, including consumers and merchants, to provide limited additional time.
This is to allow issuers to migrate to authentication approaches that are compliant with SCA, and acquirers to migrate their merchants to solutions that support SCA.
The FCA noted that EBA’s Opinion allows the UK regulator to give some firms extra time to implement SCA.
The legal deadline for complying with the Regulatory Technical Standards on Strong Customer Authentication remains September 14, 2019. However, the FCA recognises the challenges in meeting this deadline and has been working with the industry to develop a plan to migrate the industry to implement SCA for card payments in e-commerce as soon as possible after this.
The regulator aims to agree a plan with stakeholders across the industry that encompasses a blueprint for compliance and readiness, a timetable for achieving this, and key milestones and targets to deliver improved security of customer authentication and fraud reduction along the way.
Once the plan is agreed, the FCA expects all participants to meet the agreed milestones, targets and final delivery date.
The FCA says it will not take enforcement action against firms if they do not meet the relevant requirements for SCA from September 14, 2019 in areas covered by the agreed migration plan, where there is evidence that they have taken the necessary steps to comply with the plan.
The post FCA bows to pressure and allows more time for Strong Customer Authentication appeared first on Payments Cards & Mobile.
