Melvin Haskins - Haston International Limited - 07 August, 2019, 15:49 0 likes

It means from 1st November 2019 we no longer have to adhere to the EBA, except for Euro payments.

A Finextra member 08 August, 2019, 14:15 0 likes

It means the retail sector didn't understand and did nto take the time to actually find out. Why have other markets, Scandinavia for instance, said they will be ready>

Raymond Lee - PHOS - London 08 August, 2019, 14:16 0 likes

Melvin, it still means that if I want to use my UK issued card, to make a purchase outside of the UK, the card issuer will still need to provide SCA of some sort

Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune 08 August, 2019, 14:50 0 likes

Kudos to whoever that pushed back on the regulators to create this postponement. SCA will indeed be a major conversion killer and blood pressure booster, as we've seen in India. In the USA, they've been postponing FFIEC 2FA guidelines since 2005, it's still not happened. Let's see how long the EU postponement lasts.

Kevin Smith - Riskskill - Reading 08 August, 2019, 18:25 0 likes

Common sense is eventually being applied here, albeit very late in the day. SCA is very complex, its implementation across so many stakeholders needs to be viewed as not dissmaliar to the historic national implementation of chip and PIN across Europe. The specifications, guidance and clarification of implementation requirements have been slow in delivery and refinement. It requires the partipcaption, engagement of and communication to all stakeholders. Further to earlier comments and observations, the UK is definitely not alone in flagging these SCA related concerns, all European markets are having similar discussions on "are we really going to be ready by 14/09/19, when will we realistically be ready, what needs to happen, what needs to be communicated and to whom". The real implications of poor understanding, not being ready and the threat of penalties for non-compliance would have significant negative imapct on merchants and consumers as the end users  - not just issuers and acquirers. It has taken strong industry pressure to get UK Finance and FCA to recognise that we collectively are not ready but must have a realistic plan on readiness and compliance with EBA requirements. A suggested delay of 18 months to compliance enforcement will enable stakeholders more time to implement. However, ongoing monitoring and pressure will be critical to ensure parties do not leave everything to the last minute. There will be no more delays. The proposed delay in enforcement after 14/09/19 must be used to ensure that we continue to focus on reducing fraud, educating merchants and consumers and getting the implementation right to minimise adverse impact for merchants and consumers.

John Wojewidka - FaceTec - Las Vegas, Nv 08 August, 2019, 22:08 0 likes

SCA itself is not necessarily complex. But, it is ill-informed. Because of that, slowing down the requirement is a good idea. There are two reasons for its lack of understanding. The first is governments are relying on vendors ("experts") to provide the foundation of understanding about how it works. Now, they may not have many other sources to edify them, but this is fundamentally flawed. Which brings up the second reason for the befuddlement: the vendors themselves. They are largely not equipped to deliver, so promote the way they do things today to fit into a model that requires something far more effective. For example, a two-step requirement is just as dangerous as a single step of either step - itself - is not secure. All it does is increase the attack surface, giving bad actors more choices.

The truth is, most systems that claim to support SCA are simply inadequate. And all the various messages the governing bodies hear from their consultants are conflicting, at best, because of it. Far more objective and informed oversight is an absolute must. As is a requirement that all vendors pass performance tests that transparently indicate whether they deliver on their security promises, or not. If these two things don't get fixed during this recess, nothing much will change - except that the reasons for SCA will become much more critical as the bad guys continuously hone their skills.