/regulation & compliance

News and resources on regulation, compliance, legal and governance issues for banks and fintechs.

UK regulator offers 18-month delay for Strong Customer Authentication rules

The UK's Financial Conduct Authority (FCA) has confirmed an 18-month delay to the introduction of Secure Customer Authentication (SCA) rules for e-commerce transactions.

  38 2 comments

UK regulator offers 18-month delay for Strong Customer Authentication rules

Editorial

This content has been selected, created and edited by the Finextra editorial team based upon its relevance and interest to our community.

From September, the SCA regulation under PSD2 is supposed to mean that European shoppers will have to authenticate online payments over EUR30 with two of the following: something they know (like a password), are (fingerprint/face ID), or have (phone).

However, accepting the complexity of the requirements, a lack of preparedness and the potential for a significant impact on consumers, the European Banking Authority in June paved the way for some firms, on an "exceptional basis", to get an extension if cleared by national authorities.

The UK's FCA quickly indicated that it would give the industry extra time and has now confirmed an 18-month implementation plan for card issuers, payments firms and online retailers. This is in line with recommendations from UK Finance and European trade association EPSM.

Firms will not face enforcement action after September as long as there is evidence that "they have taken the necessary steps to comply with the plan".

Jonathan Davidson, executive director, supervision - retail and authorisations, FCA, says: "The FCA has been working with the industry to put in place stronger means of ensuring that anyone seeking to make payments is not a fraudster.

"While these measures will reduce fraud, we want to make sure that they won’t cause material disruption to consumers themselves; so we have agreed a phased plan for their timely introduction."

Eric Leenders, MD, personal finance, UK Finance, responded to the move: "Today’s FCA plan, which supports our proposals for a managed rollout, will help the industry ensure a timely migration to SCA and result in the best outcomes for consumers while effectively balancing both convenience and security."

The Central Bank of Ireland is also delaying the roll out of SCA rules.

Sponsored New Report – The Future of AI in Financial Services 2025

Comments: (2)

Melvin Haskins

Melvin Haskins Managing Director at Haston International Limited

What is complex about doing this?

John Wojewidka

John Wojewidka International Marketing Director at FaceTec

That 18 months should be focused putting teeth into requirements for performance verifications, particulary claims of liveness detection, the only technology that seems to provide a robust defence. Maybe it's time to mandate tested/certified liveness. If a vendor can't transparently meet this important security threshold, they should be forced back to the drawing board. On their own, most vendors will spend more time spinning their messages than innovating and fixing problems.

New Event Report – Natural Capital FinanceFinextra PromotedNew Event Report – Natural Capital Finance