FCA delays introduction of Strong Consumer Authentication rules

FCA delays introduction of Strong Consumer Authentication rules

Taking its lead from the European Banking Authority, the UK's Financial Conduct Authority has confirmed a delay to the enforcement of stronger payment security standards to give firms more time to prepare.

Earlier this month, the EBA paved the way for some firms, on an "exceptional basis", to get an extension of the September deadline for new Strong Consumer Authentication (SCA) rules for e-commerce transactions. The regulations demand a two-step verification process be implemented for all online purchases over EUR30.

The rules, which are being pushed through under the the PSD2 Directive, have faced strong opposition from a market which is widely seen to not be ready for the switch.

In a statement, the FCA says that it recognises the challenges in meeting the September deadline and has been working with the industry to to implement SCA for card payments in e-commerce as soon as possible after this.

"We aim to quickly agree a plan with stakeholders across the industry that encompasses a blueprint for compliance and readiness, a timetable for achieving this, and key milestones and targets to deliver improved security of customer authentication and fraud reduction along the way," states the regulator. "We will work in close cooperation with all the industry stakeholders and other authorities, including the Payment Systems Regulator, to ensure delivery of the blueprint at pace."

Angus McFadyen, partner, Pinsent Masons says the FCA's reversal continues the regulatory recognition of the adverse impact these rules could have.

"Consumers will see a real impact on their day to day spending experience and no one is communicating with them to explain this," he says. "Equally, the regulators haven’t been able to address some of the other unintended consequences such as the possible adverse impact on the innovative overlay services, like money management apps, that law makers have been supporting.”
Editorial | what does this mean?
This content has been selected, created and edited by the Finextra editorial team based upon its relevance and interest to our community.

Comments: (2)

Ketharaman Swaminathan
Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune 01 July, 2019, 13:03Be the first to give this comment the thumbs up 0 likes

Why "unintended consequence"? I thought it was an extremely obvious consequence, as I pointed out in my comment on "Most UK banks failing to protect online customers with two-factor authentication":

"What will happen to third-party PFM apps like Money Dashboard if the culprit banks implement 2FA".

On a side note, the US regulator FFIEC issued 2FA guidelines for online payments in 2005. The industry is still not ready for 2FA! Let's see when merchants in Europe will be ready for SCA!!

Ketharaman Swaminathan
Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune 11 July, 2019, 09:58Be the first to give this comment the thumbs up 0 likes

To answer my own question, "Let's see when merchants in Europe will be ready for SCA", as of now, it's 18-36 months.

https://www.finextra.com/newsarticle/34101/payments-lobby-calls-for-18-month-delay-to-consumer-authentication-rules