The UK’s Financial Conduct Authority (FCA) will give some firms additional time to meet Strong Customer Authentication compliance.
Its decision comes in response to the European Banking Authority’s (EBA) recent opinion on the regulation. Last week, the EBA answered questions around market readiness for the regulation, which is part of PSD2, stating that no extension will be made due to belief enough time has already been given.
However, the EBA did agree that there is complexity around payments space across the EU, such as interactions between actors that are not payment service providers and not subject to PSD2. Due to this, the EBA has stated on an exceptional basis NCAs may decide to work with PSPs and relevant stakeholders, including customers and merchants, to gain additional time.
The Opinion from the EBA gives the FCA the ability to allow some firms extra time to implement SCA.
Legally, the deadline for SCA and PSD2 is 14 September 2019; however, the FCA is working with the industry to create a plan to migrate the industry to implement SCA for card payments in e-commerce as soon as possible after this.
Moving forward, the FCA will agree a plan with stakeholders across the industry which incorporates a blueprint for compliance and readiness, a timetable for achieving this, and key milestones and targets to offer improved security of customer authentication and fraud reduction, it said. There will be close cooperation with industry stakeholders and other authorities such as the Payment Systems Regulator.
Upon finishing this, all participants will be expected to meet the agreed milestones within the given timeframe.