The Financial Conduct Authority (FCA) has today agreed a plan that gives the payments and e-commerce industry extra time to implement Strong Customer Authentication (SCA).
From September 14, 2019, EU rules that impact the way in which banks or payment services providers verify their customers’ identity and validate specific payment instructions will apply. The rules, called Strong Customer Authentication (SCA), are intended to enhance the security of payments and limit fraud during this authentication process.
The FCA has agreed an 18-month plan to implement the authentication process with the e-commerce industry of card issuers, payments firm and online retailers. The implementation plan reflects the European Banking Authority’s (EBA) assessment that more time is required to put the SCA in place given the complexity of the requirements, a lack of preparedness and the potential for a significant impact on consumers.
Jonathan Davidson, executive director for supervision – retail and authorisations, said: “The FCA has been working with the industry to put in place stronger means of ensuring that anyone seeking to make payments is not a fraudster. While these measures will reduce fraud, we want to make sure that they won’t cause material disruption to consumers themselves; so we have agreed a phased plan for their timely introduction.”
The FCA has confirmed it will not take enforcement action against firms if they do not meet the relevant requirements for SCA from September 14, 2019 in areas covered by the agreed plan, where there is evidence that they have taken the necessary steps to comply with the plan. At the end of the 18 month period, the FCA expects all firms to have made the necessary changes and undertaken the required testing to apply SCA.
The FCA will also continue to monitor the extent to which banks and payment service providers are meeting its expectation that they consider the impact of SCA on different groups of consumers and provide alternative means of authentication where needed.
Eric Leenders, managing director of personal finance, UK Finance, said: “We expect that providers will have appropriate solutions in place to allow their customers to authenticate themselves. This could mean your bank or provider using a text message, phone call, banking app or card reader to check your identity. Other methods are available and more are being developed that will make it even easier to shop more safely online in the future, including biometric technologies that could allow customers to be identified with something as simple as a thumbprint.”