FCA agrees to phased rollout of Strong Customer Authentication rules

Decision slammed for creating unnecessary confusion among consumers

Tablet payment

The Financial Conduct Authority has agreed to delay the implementation of the EU's upcoming Strong Customer Authentication directive after it assessed that most businesses would not be prepared for the new electronic payment rules by a 14 September 2019 deadline.

SCA, a law forming part of the EU's Second Payment Services Directive (PSD2), will require all businesses offering online payment services within the European Economic Area to enforce multifactor authentication on electronic transfers.

The changes are designed to enhance the security of payments and help reduce fraud, however, according to the FCA, the complexity of the changes is likely to create significant disruption for consumers if implemented using a hard deadline.

"The FCA has been working with the industry to put in place stronger means of ensuring that anyone seeking to make payments is not a fraudster," said Jonathan Davidson, executive director for supervision, retail and authorisations at the FCA. "While these measures will reduce fraud, we want to make sure that they won't cause material disruption to consumers themselves; so we have agreed a phased plan for their timely introduction".

Under the changes, the e-commerce industry of card issuers, payments firms, and online retailers will have 18 months to implement a second authentication factor for customer-initiated payments, which could include asking customers for a PIN number or biometric data in order to verify the transaction.

No regulatory action will be taken against companies which do not meet the PSD2 requirements on the 14 September, provided that necessary steps have been taken to be completely compliant at the end of the 18-month window.

However, while the change is designed to make it easier to implement the directive, some have criticised the delay for adding needless confusion to the industry.

"It is disappointing to see such resistance from the financial services sector towards integrating Strong Customer Authentication into its services," said Jason Tooley, chief revenue officer at Veridium. "Financial institutions and payment service providers have had nearly two years to prepare since the initial announcement, and there is no valid excuse for the delay in its enforcement apart from an unwillingness to participate."

"The impact on consumers must not be overlooked by the lengthy delay in enforcement; Strong Customer Authentication will mean consumers are more confident when buying online -- not act as a deterrent to sales as some have incorrectly suggested."

The FCA has said it will continue to monitor how banks and payment services are working towards meeting the new standards, as well as ensuring that alternative forms of multifactor authentication are made available to customers.

Featured Resources

Humility in AI: Building trustworthy and ethical AI systems

How humble AI can help safeguard your business

Download now

Future of video conferencing

Optimising video conferencing features to achieve business goals

Download now

Leadership compass: Privileged Access Management

Securing privileged accounts in a high-risk environment

Download now

Why you need to include the cloud in your disaster recovery plan

Preserving data for business success

Download now

Recommended

What is shoulder surfing?
Security

What is shoulder surfing?

2 Dec 2020
Security benefits of open virtualised RAN
Whitepaper

Security benefits of open virtualised RAN

2 Dec 2020
Bitdefender debuts cloud-based endpoint detection and response solution
endpoint security

Bitdefender debuts cloud-based endpoint detection and response solution

2 Dec 2020
Google brings enterprise-grade Android security to SMBs
Google Android

Google brings enterprise-grade Android security to SMBs

2 Dec 2020

Most Popular

350,000 Spotify users hacked in credential stuffing attack
Security

350,000 Spotify users hacked in credential stuffing attack

24 Nov 2020
46 million Animal Jam accounts leaked after comms software breach
Security

46 million Animal Jam accounts leaked after comms software breach

13 Nov 2020
Samsung Galaxy Note might be discontinued in 2021
Mobile Phones

Samsung Galaxy Note might be discontinued in 2021

1 Dec 2020