mtkang - stock.adobe.com
The Financial Conduct Authority has given payments and e-commerce firms an extra 18 months to meet the European Union (EU)-wide Strong Customer Authentication (SCA) rules.
SCA, which is due to come into effect next month, is part of the EU’s Payment Services Directive 2 (PSD2). It means that any online payments worth over €30 would require two methods of authentication from the person making the payment, such as a password, biometic authentication such as a fingerprint, or having a phone that can identify them.
The FCA’s decision to extend the deadline comes after the European Banking Authority said more time was needed to implement SCA given the “complexity of the requirements, a lack of preparedness and the potential for a significant impact on consumers”.
Jonathan Davidson, executive director for supervision – retail and authorisations at the FCA, said: “The FCA has been working with the industry to put in place stronger means of ensuring that anyone seeking to make payments is not a fraudster. While these measures will reduce fraud, we want to make sure that they won’t cause material disruption to consumers themselves, so we have agreed a phased plan for their timely introduction.”
The FCA said it would not take enforcement action against firms that do not meet the requirements “where there is evidence that they have taken the necessary steps to comply with the plan”. It added that at the end of the 18-month extension, it “expects all firms to have made the necessary changes and undertaken the required testing to apply SCA”.
Jason Tooley, chief revenue officer at authentication software company Veridium, said it was disappointing to see resistance from the financial services sector to integrating SCA. “Financial institutions and payment service providers have had nearly two years to prepare since the initial announcement, and there is no valid excuse for the delay in its enforcement, apart from an unwillingness to participate,” he said. “It would be interesting to understand the prioritisation of PSD2 SCA as I’m aware that a number of financial services organisations viewed this as a business differentiator.
“While it is true that consumers will see minor changes to their day-to-day spending, the additional layer of security on higher-value payments will enable consumers to benefit from safer and more innovative electronic payment services.”
Read more about PSD2 and open banking
- It seems that the Dutch government made such a good job of promoting GDPR that people have become incredibly wary of allowing their banks to share some of their data.
- BNP Paribas Fortis is integrating consumer financial management software fintech firm Tink into its mobile banking apps as part of its plan to meet and benefit from the EU’s Payment Services Directive 2 (PSD2).
- Artificial intelligence technology could help banks retain the important link with customers when open banking arrives in Europe early next year.