FCA agrees to phased rollout of Strong Customer Authentication rules

Decision slammed for creating unnecessary confusion among consumers

Tablet payment

The Financial Conduct Authority has agreed to delay the implementation of the EU's upcoming Strong Customer Authentication directive after it assessed that most businesses would not be prepared for the new electronic payment rules by a 14 September 2019 deadline.

SCA, a law forming part of the EU's Second Payment Services Directive (PSD2), will require all businesses offering online payment services within the European Economic Area to enforce multifactor authentication on electronic transfers.

The changes are designed to enhance the security of payments and help reduce fraud, however, according to the FCA, the complexity of the changes is likely to create significant disruption for consumers if implemented using a hard deadline.

"The FCA has been working with the industry to put in place stronger means of ensuring that anyone seeking to make payments is not a fraudster," said Jonathan Davidson, executive director for supervision, retail and authorisations at the FCA. "While these measures will reduce fraud, we want to make sure that they won't cause material disruption to consumers themselves; so we have agreed a phased plan for their timely introduction".

Under the changes, the e-commerce industry of card issuers, payments firms, and online retailers will have 18 months to implement a second authentication factor for customer-initiated payments, which could include asking customers for a PIN number or biometric data in order to verify the transaction.

No regulatory action will be taken against companies which do not meet the PSD2 requirements on the 14 September, provided that necessary steps have been taken to be completely compliant at the end of the 18-month window.

However, while the change is designed to make it easier to implement the directive, some have criticised the delay for adding needless confusion to the industry.

"It is disappointing to see such resistance from the financial services sector towards integrating Strong Customer Authentication into its services," said Jason Tooley, chief revenue officer at Veridium. "Financial institutions and payment service providers have had nearly two years to prepare since the initial announcement, and there is no valid excuse for the delay in its enforcement apart from an unwillingness to participate."

"The impact on consumers must not be overlooked by the lengthy delay in enforcement; Strong Customer Authentication will mean consumers are more confident when buying online -- not act as a deterrent to sales as some have incorrectly suggested."

The FCA has said it will continue to monitor how banks and payment services are working towards meeting the new standards, as well as ensuring that alternative forms of multifactor authentication are made available to customers.

Featured Resources

How to scale your organisation in the cloud

How to overcome common scaling challenges and choose the right scalable cloud service

Download now

The people factor: A critical ingredient for intelligent communications

How to improve communication within your business

Download now

Future of video conferencing

Optimising video conferencing features to achieve business goals

Download now

Improving cyber security for remote working

13 recommendations for security from any location

Download now

Recommended

Malicious ‘Dependency Confusion’ packages are stealing password files
hacking

Malicious ‘Dependency Confusion’ packages are stealing password files

2 Mar 2021
What is the Computer Misuse Act?
Policy & legislation

What is the Computer Misuse Act?

2 Mar 2021
What is cloud-to-cloud backup?
cloud backup

What is cloud-to-cloud backup?

1 Mar 2021
Lazarus APT hacking group is targeting the defense industry
Security

Lazarus APT hacking group is targeting the defense industry

26 Feb 2021

Most Popular

How to connect one, two or more monitors to your laptop
Laptops

How to connect one, two or more monitors to your laptop

25 Feb 2021
How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

26 Feb 2021
Ransomware operators are exploiting VMware ESXi flaws
ransomware

Ransomware operators are exploiting VMware ESXi flaws

1 Mar 2021