The European Banking Authority (EBA) has published an opinion on the deadline for the migration to Strong Customer Authentication (SCA), setting a deadline to 31 December 2020 and prescribing the expected actions to be taken during the migration period.

This applies under the revised Payment Services Directive (PSD2) for e-commerce card-based payment transactions, recommending that national competent authorities (NCAs) take a consistent approach toward the SCA migration period across the EU, requiring their respective payment service providers (PSPs) to carry out the actions set out in the regulations.

The EBA also stressed that national regulators should communicate to PSPs in their jurisdiction that the supervisory flexibility they have exercised does not represent a delay in the application date of the SCA requirements in PSD2 and the technical standards.

“Rather, it means that NCAs will focus on monitoring migration plans instead of pursuing immediate enforcement actions against PSPs that are not compliant with the SCA requirements,” the opinion read.

“Furthermore, the EBA notes that consumers will be protected against fraud as required by the law and NCAs should, therefore, communicate to their PSPs that the liability regime under Article 74 of the PSD2 applies and that issuing and acquiring PSPs are still liable for unauthorised payment transactions.”

This latest opinion is a follow-up to that on the elements of SCA made in June, which acknowledged the complexity of the payments markets across the EU and the challenges that arise from the changes – in particular for some in the payment chain that are not PSPs and would not be ready for the original 14 September 2019 deadline.

Against this backdrop, the EBA accepted that, on an exceptional basis and in order to avoid unintended negative consequences for some payment service users after that date, NCAs could work with PSPs and relevant stakeholders - including consumers and merchants - to provide limited additional time.

The UK’s Financial Conduct Authority followed that lead and extended the deadline for 18 months, but has recently warned that this time must be spent in preparation for the new implementation date.

Brian Gaynor, executive director for product solutions at J.P. Morgan, said he welcomed the clarity and especially the decision to propose a harmonised approach to SCA across the region. "Giving both issuers and acquirers clear milestones ahead of the new deadline provides a natural glide path that will be vital for a smooth and consistent migration across Europe.

"While it’s tempting to relax a bit with an extension, we urge payment providers and merchants to avoid kicking the can down the road and on-board new SCA implementation systems early to iron out any kinks and ensure they are fully compliant in time for the revised deadline," he continued, adding: "Otherwise, they may run the risk of last-minute snags and compliance concerns putting a dampener on the festive season come December 2020.”

Share Story: