UK issuers and merchants to get extra 18 months to implement Strong Customer Authentication

Entrance to FCA building
EXTRA TIME: The FCA has extended the deadline for card issuers and merchants to implement SCA

The UK’s Financial Conduct Authority (FCA) has agreed to give card issuers and merchants an extra 18 months to implement Strong Customer Authentication (SCA), the new customer identity verification regulation which forms part of the EU’s revised Payment Services Directive II (PSD2).

The move follows the European Banking Authority’s June 2019 decision to allow EU member states to provide “limited additional time to allow issuers to migrate to authentication approaches that are compliant with SCA” and a call by European merchants in July for all EU member states to agree to an 18-month extension of the deadline.

SCA requirements were originally due to come into force on 14 September 2019.

Both the Bank of Italy and the Central Bank of Ireland have already indicated their willingness to agree to an 18-month deadline extension.

Complex requirements

“The FCA has today agreed an 18-month plan to implement SCA with the e-commerce industry of card issuers, payments firms and online retailers,” the regulator announced on 13 August.

“The plan reflects the recent opinion of the European Banking Authority (EBA) which set out that more time was needed to implement SCA given the complexity of the requirements, a lack of preparedness and the potential for a significant impact on consumers.”

Under the terms of the new phased introduction, the FCA will not take enforcement action against firms that do not meet the SCA deadline “where there is evidence that they have taken the necessary steps to comply with the plan”.

“At the end of the 18-month period, the FCA expects all firms to have made the necessary changes and undertaken the required testing to apply SCA,” it adds.

Monitoring impact

“The FCA will also continue to monitor the extent to which banks and payment service providers are meeting its expectation that they consider the impact of SCA on different groups of consumers, and provide alternative means of authentication where needed.”

‘The FCA has been working with the industry to put in place stronger means of ensuring that anyone seeking to make payments is not a fraudster,” says Jonathan Davidson, FCA executive director for supervision for retail and authorisations.

“While these measures will reduce fraud, we want to make sure that they won’t cause material disruption to consumers themselves; so we have agreed a phased plan for their timely introduction.”