FCA agrees 18-month delay to SCA
Written by Hannah McGrath
The Financial Conduct Authority (FCA) has confirmed a plan to grant the payments and e-commerce industry 18 months of extra time to implement Strong Customer Authentication (SCA).
It was reported last week that the financial regulator had drawn up plans to give the UK a minimum 18 month extension to the 14 September deadline for firms to comply with SCA rules required by European Union’s Payment Services Directive (PDS2).
It was also reported last week that a further year of extension could be offered to sectors most disrupted by the changes, including travel and hospitality.
The SCA rules require a two-step verification process for all online purchases over £30 most to help reduce fraud and increase payments security, but payments providers and e-commerce merchants had warned that a lack of industry preparedness would make more than a quarter of payments impossible to complete and lead to customers abandoning their purchase at checkout.
The move comes after final recommendations were agreed last Friday with trade body UK Finance and financial, retail and travel groups.
In a statement today, the FCA said it had agreed an “18-month plan to implement SCA with the e-commerce industry of card issuers, payments firm and online retailers.”
The regulator said the plan reflects the recent opinion expressed by the European Banking Authority (EBA) in June which set out that more time was needed to implement SCA given the “complexity of the requirements, a lack of preparedness and the potential for a significant impact on consumers.”
Jonathan Davidson, executive director for supervision at the FCA, said: “The FCA has been working with the industry to put in place stronger means of ensuring that anyone seeking to make payments is not a fraudster.
“While these measures will reduce fraud, we want to make sure that they won’t cause material disruption to consumers themselves; so we have agreed a phased plan for their timely introduction'.
The FCA said it will no longer take enforcement action against firms if they do not meet the relevant requirements for SCA from 14 September 2019 in areas covered by the agreed plan, where there is evidence that they have taken the necessary steps to comply.
At the end of the agreed 18-month period, the FCA expects all firms to have made the necessary changes and undertaken the required testing to apply SCA.
The FCA also said it would continue to monitor the extent to which banks and payment service providers are meeting its expectation that they consider the impact of SCA on different groups of consumers, and provide alternative means of authentication where needed.
Responding to the announcement, Eric Leenders, managing director of personal finance at UK Finance, said: “Fighting fraud must be a priority for everyone and these new rules will be an important tool in protecting customers, helping keep them safe when they shop online.
“Today’s FCA plan, which supports our proposals for a managed rollout, will help the industry ensure a timely migration to SCA and result in the best outcomes for consumers while effectively balancing both convenience and security”, he added.
SCA mandated that purchases over £30 are verified using two-step security such as a text message, phone call, banking app or card reader to check the customer’s identity.
Other methods being tested including biometric technologies that could allow customers to verify their purchase with a fingerprint.
Commenting on the 18 month extension, Jeremy Drew, co-head of retail at City law firm RPC, said: “Retailers are going to be delighted that the FCA is taking a pragmatic approach to enforcement of SCA.”
"There has been real concern that some of the security solutions being offered to retailers were going to be so jarring to consumers that they would abandon purchases at the online checkout stage."
He added: “This gives more time for proper tests to be done on the technology to make sure it’s both secure and customer friendly.”