FCA and UK Finance expected to delay SCA

The Financial Conduct Authority (FCA) is set to delay enforcement of the Strong Customer Authentication (SCA) payment security rules by than 18 months, on the recommendation of UK Finance.

This is according to reports in the Financial Times, which reported that as part of its consideration of an extension to the 14 September deadline for implementing the second Payment Services Directive (PSD2), the regulator asked the trade association to design an alternative timetable for the UK.

Final recommendations, which were agreed with the financial, retail and travel groups most impacted by the new rules, were submitted last Friday.

UK Finance is apparently recommending a minimum 18-month delay, with a further one-year extension for the hospitality and travel sector.

Taking its lead from a European Banking Authority (EBA) statement in June which allowed national authorities to “provide limited additional time”, the FCA confirmed a delay to the enforcement of stronger payment security standards to give firms more time to prepare.

The SCA rules require a two-step verification process for all online purchases over £30 most to help reduce fraud, but payments providers and e-commerce merchants have warned that a lack of industry preparedness would make more than a quarter of payments impossible to complete.

UK Finance is expected to officially present its recommendations to the FCA next week. They call for a revised March 2021 deadline to implement most of the technical requirements, and a further six months for a full-scale roll out.

Discussions are believed to be ongoing among national policy makers over the possibility of co-ordinating the new timetable on a cross-border basis.

UK Finance and the FCA declined to comment.

Steven Murdoch, chief security architect at OneSpan’s Cambridge Innovation Centre and associate professor at UCL, said he had some sympathy with financial institutions, as clarifications about from the EBA about their expectations for SCA were quite close to the deadline and the move as a result of the Brexit vote likely contributed to disruption.

“However, the EBA didn’t ask for anything that wasn’t already in the PSD2 and that was published in 2015 – there was even an 18 month implementation period following the publication of the Regulatory Technical Standards (RTS).

“Financial institutions were slower than necessary in implementing the published requirements and also had an overly optimistic interpretation of the RTS,” he continued, adding: “What has happened is that industry and regulator are working together to change the effect of law to the detriment of consumer protection.”

    Share Story:

Recent Stories


The Future of Intelligent Finance
FStech Group Editor Mark Evans sits down with Jason Cao, President of Global Financial Services Business Unit, Enterprise BG at Huawei ahead of its Intelligent Finance Summit which was held on 3rd and 4th of June in Shanghai. This Q&A delves into key trends in digital transformation of the financial services industry as well as a look at how data, robotic infrastructure, intelligent storage and innovative technologies are shaping the future for FSIs.

The Rise of Instant Payments
Instant payments are creating new business opportunities for banks by providing more touchpoints than ever. With these evolutions underway, Featurespace brought leading industry experts together to discuss how they are protecting customers from fraudsters in real time, utilizing innovative and disruptive solutions to reduce fraud. Click here to find out more.

Offloading Cyber Risk in the Cloud
As cyber attacks and data breaches are in the news on an increasingly regular basis - with regulatory penalties and customer trust on the line for financial services firms - it has never been more crucial to be compliant in the cloud.

This video, with Akamai’s EMEA director of security technology and strategy Richard Meeus, will help explain what your company can be doing to make sure it’s not embroiled in the next big fine or front-page scandal.