The European Banking Authority (EBA) has extended the deadline for Strong Customer Authentication (SCA) to December 31 2020.
SCA, part of the Payment Services Directive (PSD2), requires merchants to introduce two-factor authentication when purchasing online. This may include solutions such as PIN-authentication or fingerprint ID scanning.
The EBA’s most recent opinion recommends national competent authorities (NCAs) to take a consistent approach towards the SCA migration period and to require PSPs to carry out the actions set out.
In addition, the EBA suggested NCAs should focus on monitoring migration plans instead of pursuing immediate enforcement actions against PSPs that are not compliant with SCA.
The opinion also notes that consumers will be protected against fraud as required by Law. Therefore, NCAs should communicate to their PSPs that the liability regime under Article 74 of the PSD2 applies and that issuing and acquiring PSPs are still liable for unauthorised payment transactions.
Welcoming the news
Since the announcement, the news has been welcomed by a number of financial institutions across Europe.
Brian Gaynor, Executive Director, Product Solutions, J.P. Morgan, said:“We fully welcome the clarity the EBA announcement brings. Especially the decision to propose a harmonised approach to SCA across the region. Giving both issuers and acquirers clear milestones ahead of the new deadline provides a natural glide path that will be vital for a smooth and consistent migration across Europe.
“We expect to see a phased approach to implementation and will be working closely with our clients, and across the payments ecosystem more broadly, to ensure those milestones are met well ahead of new deadline. At J.P. Morgan we are SCA-ready and already monitoring SCA performance by issuer and by country.
“While it’s tempting to relax a bit with an extension, we urge payment providers and merchants to avoid kicking the can down the road and on-board new SCA implementation systems early to iron out any kinks and ensure they are fully compliant in time for the revised deadline. Otherwise, they may run the risk of last-minute snags and compliance concerns. This would put a dampener on the festive season come December 2020.”
SCA in the limelight
The new EBA announcement comes after it issued an opinion in June 2019 giving merchants extra time when implementing the regulations. In the opinion, the EBA claimed NCAs would be given ‘limited’ additional time.
Since then, a number of financial regulators across Europe have put a hold on the SCA process.
In August, the UK’s Financial Conduct Authority (FCA), was one of the first to implement a delay. This news was welcomed by businesses across the UK who were not yet ready to meet the deadline.
Following the FCA’s decions, the Central Bank of Ireland quickly announced a delay in rolling out SCA.
Furthemore, due to SCA requiring multi-factor authentication, merchants were worried customers would abandon their shopping. This is because more factors means more time is being spent.