FCA confirm post-September implementation of new SCA rules
Last month the ‘Financial Conduct Authority’ (FCA) confirmed a delay to the enforcement of more secure payment security standards in order to allow more time… Read more
Last month the ‘Financial Conduct Authority’ (FCA) confirmed a delay to the enforcement of more secure payment security standards in order to allow more time for companies to prepare.
This follows the decision of the ‘European Banking Authority’ (EBA) to give an extension on the September deadline for some firms for new ‘Strong Consumer Authentication’ (SCA) rules for e-commerce transactions on an “exceptional basis.”
Such rules, arising from the ‘Second Payment Services Directive’ (PSD2), include requirements such as a mandatory two-step verification process for all online purchases over €30. This delay follows strong criticism from commentators who argue that the market is not ready for the switch, especially due to the complexity of payment systems, and the technical changes that are required to take place.
The original implementation date was due to be 14th September 2019, however the flexibility of implementation the delay affords firms is on the basis that:
- A mitigation plan has been set up by payment services providers;
- Such plan is agreed with the regulator; and
- The plan can be expedited.
The FCA have acknowledged the challenges in meeting the September deadline, but is actively working with the industry to help implement the SCA for card payments in e-commerce without delay:
“We aim to quickly agree a plan with stakeholders across the industry that encompasses a blueprint for compliance and readiness, a timetable for achieving this, and key milestones and targets to deliver improved security of customer authentication and fraud reduction along the way,” states the regulator. “We will work in close cooperation with all the industry stakeholders and other authorities, including the Payment Systems Regulator, to ensure delivery of the blueprint at pace.”
Whilst no timeframes have been officially confirmed, it is clear from this approach that the goal for full SCA implementation will be a matter of months rather than years.
Share this blog
Sandeep Thomas is a commercial technology paralegal
Share this Blog
- Adtech & martech
- Agile
- Artificial intelligence
- EBA outsourcing
- Brexit
- Cloud computing
- Complex & sensitive investigations
- Connectivity
- Cryptocurrencies & blockchain
- Cybersecurity
- Data analytics & big data
- Data breaches
- Data rights
- Digital commerce
- Digital content risk
- Digital health
- Digital media
- Digital infrastructure & telecoms
- Emerging businesses
- Financial services
- Fintech
- Gambling
- GDPR
- KLick DPO
- KLick Trade Mark
- Open banking
- Retail
- SMCR
- Software & services
- Sourcing
- Travel