The European Payment Institutions Federation is calling for a six-month extension to the PSD2 SCA deadline, which could allow banks to reevaluate their current plans.

The Payment Service Directive (PSD2) is a series EU regulation designed to make payment services safer and more innovative. The Strong Customer Authentication requirement means that banks or payment services providers must now provide additional authentication for online payments over €30 within Europe.

Customers must confirm their identity by providing two of the following: something the customer knows (for example an answer to a question), something they have (for example a hardware token) and something biometric such as a fingerprint.

The PSD2 SCA requirements are set to come into force in December, but due to the Covid-19 pandemic, the European Payment Institutions Federation, an international non-profit founded in response to the Payment Services Directive, has requested a deadline extension of six months.

The European Payment Institutions Federation wrote a letter to the European Banking Authority to “consider appropriate additional measures to assist and ensure the smooth transition to SCA in the EU” and “an additional testing period of at least six months, during which the industry should be allowed flexibility”.

PSD2 SCA deadline extension gives banks opportunity to re-evaluate plans

For customer identity Payfone, this extension could give banks the opportunity to re-evaluate their current plans for SCA and make necessary changes.

“The Covid-19 crisis has placed considerable pressure on banks and financial services organisations, in particular forcing the introduction of new processes to verify customers remotely. There’s a chance now for banks to take a step back and think about how this can be done, especially as the pandemic has encouraged a surge in cyberattacks,” said Keiron Dalton, VP at Payfone.

“Covid-19 has created a burst in mobile adoption. That in itself introduces more challenges, in particular around identity verification. Our relationship with our mobile provides a unique window of opportunity to leverage the longest-standing digital relationship we have, especially when you consider we get a mobile phone before we even start our banking journey”.

Elements of PSD2 regulation have already been subject to deadline extensions, with SCA requirements originally due to come into force in September 2019 before being pushed back.

“By making better use of mobile intelligence to get an accurate picture of customer behaviour, banks and financial services businesses are able to circumvent many of the routes through which fraudsters are often successful. If a cybercriminal, for example, attempts to pose as a customer, a mobile intelligence-based approach will be able to flag these unusual patterns of behaviour and help stop a fraudulent transaction from taking place. The verification processes can all be done behind the scenes, which helps maintain a seamless customer experience,” Dalton concluded.

“We’re living in a nervous time for many customers, so it’s important that banks are able to bring that peace of mind. By using insight and the underlying mobile technology available to master their understanding of customers, they’ll be able to take full charge of the authentication process and remain a step ahead of the hackers.”


Read more: Starling Bank adds in-app Slack integration.