The Financial Conduct Authority (FCA) has confirmed an 18-month extension to implement Strong Customer Authentication (SCA) rules with the e-commerce industry, including card issuers, payments firms and online retailers.
Proposed by the European Union, the rules will impact the ways in which banks and payment service providers verify customers’ identities and validate payment instructions.
The European Banking Authority has decided that 18 months is a reasonable time frame in which to implement SCA, given: “The complexity of the requirements, a lack of preparedness and the potential for a significant impact on consumes,” the FCA said.
The rules will apply from 14th September 2019, but the FCA does not intend to take immediate action against e-commerce firms that do not meet the full SCA requirements, as long as there is evidence that they have taken steps to comply. By the end of the 18-month period, the FCA expects all firms to have undertaken the testing required to apply SCA.
The regulator will continue to monitor the extent to which banks and payment services – which will still have to provide alternative means of authentication where necessary – are considering the impact of SCA on their customers.
Jonathan Davidson, Executive Director for Supervision – Retail and Authorisations, said: “The FCA has been working with the industry to put in place stronger means of ensuring that anyone seeking to make payments is not a fraudster. While these measures will reduce fraud, we want to make sure that they won’t cause material disruption to consumers themselves; so we have agreed a phased plan for their timely introduction.”
