FCA Gives Firms More Time to Comply With Strong Authentication Rules
August 15, 2019 Share

FCA Gives Firms More Time to Comply With Strong Authentication Rules

The UK’s financial regulator has agreed to give the country’s payments and e-commerce providers more time to comply with new user authentication rules mandated by PSD2.

The Financial Conduct Authority (FCA) said yesterday that it would provide card issuers, payments firm and online retailers with an 18-month timeline to implement the Strong Customer Authentication (SCA) checks.

This is in line with the opinion of the European Banking Authority (EBA), which recently admitted that more time was needed to implement SCA given its complexity and a lack of preparedness in the market.

Originally set for a September 14 deadline, SCA will force any firms accepting payments online to ensure they apply two-factor authentication checks on their customers. In many cases, this will come in the form of the popular 3-D Secure option.

However, exceptions are made for low value payments (under EUR30), recurring payments such as subscriptions, customers who have whitelisted merchants they trust, and low-risk transactions. The latter requires a real-time risk assessment on each payment, and therefore advanced fraud screening tools.

The FCA will now not take action if any firms don’t meet the September 2019 deadline, as long as they can demonstrate “there is evidence that they have taken the necessary steps to comply with the plan.”

“The FCA has been working with the industry to put in place stronger means of ensuring that anyone seeking to make payments is not a fraudster,” explained Jonathan Davidson, executive director at the FCA.

“While these measures will reduce fraud, we want to make sure that they won’t cause material disruption to consumers themselves; so we have agreed a phased plan for their timely introduction.”

Jason Tooley, chief revenue officer at Veridium, said the delay was disappointing.

“Financial institutions and payment service providers have had nearly two years to prepare since the initial announcement, and there is no valid excuse for the delay in its enforcement apart from an unwillingness to participate,” he argued.

“Whilst it is true that consumers will see minor changes to their day-to-day spending, the additional layer of security on higher value payments will enable consumers to benefit from safer and more innovative electronic payment services. The impact on consumers must not be overlooked by the lengthy delay in enforcement; SCA will mean consumers are more confident when buying online – not act as a deterrent to sales as some have incorrectly suggested.”

This post FCA Gives Firms More Time to Comply With Strong Authentication Rules originally appeared on InfoSecurity Magazine.

Read More