/security

News and resources on cyber and physical threats to banks and fintechs worldwide.

FCA delays introduction of Strong Consumer Authentication rules

Taking its lead from the European Banking Authority, the UK's Financial Conduct Authority has confirmed a delay to the enforcement of stronger payment security standards to give firms more time to prepare.

  35 2 comments

FCA delays introduction of Strong Consumer Authentication rules

Editorial

This content has been selected, created and edited by the Finextra editorial team based upon its relevance and interest to our community.

Earlier this month, the EBA paved the way for some firms, on an "exceptional basis", to get an extension of the September deadline for new Strong Consumer Authentication (SCA) rules for e-commerce transactions. The regulations demand a two-step verification process be implemented for all online purchases over EUR30.

The rules, which are being pushed through under the the PSD2 Directive, have faced strong opposition from a market which is widely seen to not be ready for the switch.

In a statement, the FCA says that it recognises the challenges in meeting the September deadline and has been working with the industry to to implement SCA for card payments in e-commerce as soon as possible after this.

"We aim to quickly agree a plan with stakeholders across the industry that encompasses a blueprint for compliance and readiness, a timetable for achieving this, and key milestones and targets to deliver improved security of customer authentication and fraud reduction along the way," states the regulator. "We will work in close cooperation with all the industry stakeholders and other authorities, including the Payment Systems Regulator, to ensure delivery of the blueprint at pace."

Angus McFadyen, partner, Pinsent Masons says the FCA's reversal continues the regulatory recognition of the adverse impact these rules could have.

"Consumers will see a real impact on their day to day spending experience and no one is communicating with them to explain this," he says. "Equally, the regulators haven’t been able to address some of the other unintended consequences such as the possible adverse impact on the innovative overlay services, like money management apps, that law makers have been supporting.”

Sponsored [Upcoming Webinar] Next Gen Payment Processing: How banks can embrace the future

Comments: (2)

Ketharaman Swaminathan

Ketharaman Swaminathan Founder and CEO at GTM360 Marketing Solutions

Why "unintended consequence"? I thought it was an extremely obvious consequence, as I pointed out in my comment on "Most UK banks failing to protect online customers with two-factor authentication":

"What will happen to third-party PFM apps like Money Dashboard if the culprit banks implement 2FA".

On a side note, the US regulator FFIEC issued 2FA guidelines for online payments in 2005. The industry is still not ready for 2FA! Let's see when merchants in Europe will be ready for SCA!!

Ketharaman Swaminathan

Ketharaman Swaminathan Founder and CEO at GTM360 Marketing Solutions

To answer my own question, "Let's see when merchants in Europe will be ready for SCA", as of now, it's 18-36 months.

https://www.finextra.com/newsarticle/34101/payments-lobby-calls-for-18-month-delay-to-consumer-authentication-rules

[Webinar] PREDICT 2025: The Future of Faster Payments in the USFinextra Promoted[Webinar] PREDICT 2025: The Future of Faster Payments in the US