The Financial Conduct Authority (FCA) has agreed a plan to give the payments and e-commerce industry extra time to implement Strong Customer Authentication (SCA).
From 14 September 2019, new European Union (EU) rules apply that impact how banks or payment services providers verify their customers' identities and validate payment instructions. The Strong Customer Authentication (SCA) rules are intended to enhance the security of payments and limit fraud.
The FCA has agreed an 18-month plan to implement SCA with the e-commerce industry which includes card issuers, payment firms and online retailers. The plan reflects the opinion of the European Banking Authority (EBA) that more time was needed to implement SCA given the complexity, lack of preparedness and the potential for a significant impact on consumers.
Jonathan Davidson, Executive Director for Supervision – Retail and Authorisations, said:
'The FCA has been working with the industry to put in place stronger means of ensuring that anyone seeking to make payments is not a fraudster. While these measures will reduce fraud, we want to make sure that they won't cause material disruption to consumers themselves; so we have agreed a phased plan for their timely introduction'.
The FCA has confirmed that it will not take enforcement action against businesses if they do not meet the relevant requirements for SCA from 14 September 2019 in areas covered by the agreed plan as long as there is evidence that they have taken the necessary steps to comply with the plan. At the end of the 18-month period, the FCA expects all businesses to have made the necessary changes and undertaken the required testing to apply SCA.
Internet link: FCA press release