FCA agrees to phased rollout of Strong Customer Authentication rules

Decision slammed for creating unnecessary confusion among consumers

Tablet payment

The Financial Conduct Authority has agreed to delay the implementation of the EU's upcoming Strong Customer Authentication directive after it assessed that most businesses would not be prepared for the new electronic payment rules by a 14 September 2019 deadline.

SCA, a law forming part of the EU's Second Payment Services Directive (PSD2), will require all businesses offering online payment services within the European Economic Area to enforce multifactor authentication on electronic transfers.

Advertisement - Article continues below

The changes are designed to enhance the security of payments and help reduce fraud, however, according to the FCA, the complexity of the changes is likely to create significant disruption for consumers if implemented using a hard deadline.

"The FCA has been working with the industry to put in place stronger means of ensuring that anyone seeking to make payments is not a fraudster," said Jonathan Davidson, executive director for supervision, retail and authorisations at the FCA. "While these measures will reduce fraud, we want to make sure that they won't cause material disruption to consumers themselves; so we have agreed a phased plan for their timely introduction".

Under the changes, the e-commerce industry of card issuers, payments firms, and online retailers will have 18 months to implement a second authentication factor for customer-initiated payments, which could include asking customers for a PIN number or biometric data in order to verify the transaction.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

No regulatory action will be taken against companies which do not meet the PSD2 requirements on the 14 September, provided that necessary steps have been taken to be completely compliant at the end of the 18-month window.

However, while the change is designed to make it easier to implement the directive, some have criticised the delay for adding needless confusion to the industry.

"It is disappointing to see such resistance from the financial services sector towards integrating Strong Customer Authentication into its services," said Jason Tooley, chief revenue officer at Veridium. "Financial institutions and payment service providers have had nearly two years to prepare since the initial announcement, and there is no valid excuse for the delay in its enforcement apart from an unwillingness to participate."

"The impact on consumers must not be overlooked by the lengthy delay in enforcement; Strong Customer Authentication will mean consumers are more confident when buying online -- not act as a deterrent to sales as some have incorrectly suggested."

The FCA has said it will continue to monitor how banks and payment services are working towards meeting the new standards, as well as ensuring that alternative forms of multifactor authentication are made available to customers.

Advertisement

Recommended

Visit/security/cyber-security/355234/safari-bug-let-hackers-access-cameras-on-iphones-and-macs
cyber security

Safari bug let hackers access cameras on iPhones and Macs

6 Apr 2020
Visit/software/video-conferencing/355229/zoom-we-moved-too-fast
video conferencing

Zoom CEO admits company "moved too fast" as privacy issues mount

6 Apr 2020
Visit/security/internet-security/355228/mozilla-fixes-two-firefox-zero-days-being-actively-exploited
internet security

Mozilla fixes two Firefox zero-days being actively exploited

6 Apr 2020
Visit/security/hacking/355227/65-country-coronavirus-team-protects-the-technological-infrastructure-of
hacking

Cyber security experts form coronavirus taskforce to combat ransomware attacks

3 Apr 2020

Most Popular

Visit/development/application-programming-interface-api/355192/apple-buys-dark-sky-weather-app-and-leaves
application programming interface (API)

Apple buys Dark Sky weather app and leaves Android users in the cold

1 Apr 2020
Visit/data-insights/data-management/355170/oracle-cloud-courses-are-free-during-coronavirus-lockdown
data management

Oracle cloud courses are free during coronavirus lockdown

31 Mar 2020
Visit/security/privacy/355211/google-releases-location-data-to-showcase-effectiveness-of-coronavirus
privacy

Google releases location data to show effectiveness of coronavirus lockdowns

3 Apr 2020