FCA agrees to phased rollout of Strong Customer Authentication rules

Decision slammed for creating unnecessary confusion among consumers

Tablet payment

The Financial Conduct Authority has agreed to delay the implementation of the EU's upcoming Strong Customer Authentication directive after it assessed that most businesses would not be prepared for the new electronic payment rules by a 14 September 2019 deadline.

SCA, a law forming part of the EU's Second Payment Services Directive (PSD2), will require all businesses offering online payment services within the European Economic Area to enforce multifactor authentication on electronic transfers.

Advertisement - Article continues below

The changes are designed to enhance the security of payments and help reduce fraud, however, according to the FCA, the complexity of the changes is likely to create significant disruption for consumers if implemented using a hard deadline.

"The FCA has been working with the industry to put in place stronger means of ensuring that anyone seeking to make payments is not a fraudster," said Jonathan Davidson, executive director for supervision, retail and authorisations at the FCA. "While these measures will reduce fraud, we want to make sure that they won't cause material disruption to consumers themselves; so we have agreed a phased plan for their timely introduction".

Under the changes, the e-commerce industry of card issuers, payments firms, and online retailers will have 18 months to implement a second authentication factor for customer-initiated payments, which could include asking customers for a PIN number or biometric data in order to verify the transaction.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

No regulatory action will be taken against companies which do not meet the PSD2 requirements on the 14 September, provided that necessary steps have been taken to be completely compliant at the end of the 18-month window.

However, while the change is designed to make it easier to implement the directive, some have criticised the delay for adding needless confusion to the industry.

"It is disappointing to see such resistance from the financial services sector towards integrating Strong Customer Authentication into its services," said Jason Tooley, chief revenue officer at Veridium. "Financial institutions and payment service providers have had nearly two years to prepare since the initial announcement, and there is no valid excuse for the delay in its enforcement apart from an unwillingness to participate."

"The impact on consumers must not be overlooked by the lengthy delay in enforcement; Strong Customer Authentication will mean consumers are more confident when buying online -- not act as a deterrent to sales as some have incorrectly suggested."

The FCA has said it will continue to monitor how banks and payment services are working towards meeting the new standards, as well as ensuring that alternative forms of multifactor authentication are made available to customers.

Featured Resources

Preparing for long-term remote working after COVID-19

Learn how to safely and securely enable your remote workforce

Download now

Cloud vs on-premise storage: What’s right for you?

Key considerations driving document storage decisions for businesses

Download now

Staying ahead of the game in the world of data

Create successful marketing campaigns by understanding your customers better

Download now

Transforming productivity

Solutions that facilitate work at full speed

Download now
Advertisement

Recommended

Visit/security/ransomware/356292/university-of-california-gets-fleeced-by-hackers-for-114-million
ransomware

University of California gets fleeced by hackers for $1.14 million

30 Jun 2020
Visit/security/cyber-security/356289/australia-announces-135b-investment-in-cybersecurity
cyber security

Australia announces $1.35 billion investment in cyber security

30 Jun 2020
Visit/cloud/cloud-security/356288/csa-and-issa-form-cybersecurity-partnership
cloud security

CSA and ISSA form cyber security partnership

30 Jun 2020
Visit/business/policy-legislation/356215/senators-propose-a-bill-aimed-at-ending-warrant-proof-encryption
Policy & legislation

Senators propose a bill aimed at ending warrant-proof encryption

24 Jun 2020

Most Popular

Visit/mobile/google-android/356373/over-2-dozen-additional-android-apps-found-stealing-user-data
Google Android

Over two dozen Android apps found stealing user data

7 Jul 2020
Visit/laptops/29190/how-to-find-ram-speed-size-and-type
Laptops

How to find RAM speed, size and type

24 Jun 2020
Visit/cloud/356260/the-road-to-recovery
Sponsored

The road to recovery

30 Jun 2020