The EPSM, a trade association for European payments services providers, has called for an 18 month delay to the introduction of Strong Customer Authentication (SCA) rules to prevent significant disruption to online and digital businesses.
The EPSM has joined its voice to a growing number of industry and regulatory institutions warning that businesses will not be ready for the EU-wide 14 September deadline to implement SCA rules, which is being introduced under the revised payment service directive (PSD2).
The SCA will require all businesses to implement two step authentication process for all purchases above €30.
The authentication is based on proving two or more elements categorised as knowledge (something only the user knows), possession (something only the user possesses) and inherence (something the user is) that are independent.
In a statement, the EPSM said: “EPSM has made clear that rolling out SCA-compliant solutions to merchants poses major challenges. To avoid significant acceptance disruptions, EPSM recommends that all regions should agree an additional timeframe of 18 months for standard applications.”
The trade association is also recommending a delay of up to 36 months for challenging applications, such merchants working in the travel and hospitality sector.
It said its aim in recommending the delay is to find appropriate solutions for solving technical and operational challenges posed by remote card payments – for merchants, card holders, issuers, and acquirers.
It added: “This will deliver an EU-wide harmonised migration approach by the EBA and the 28 national regulators for remote card payments.”
Last month, the Financial Conduct Authority (FCA) agreed that some firms will be given extra time to implement the rules.
The European Banking Authority (EBA) also published an opinion acknowledging that implementing the new standards might be difficult for some merchants, with many being at risk of missing the deadline.
Recent Stories