Search This Blog
Showing posts with label RTS. Show all posts
Showing posts with label RTS. Show all posts

Wednesday, 6 May 2020

FCA Delays SCA... Again

The UK's Financial Conduct Authority has again delayed its deadline for enforcing the implementation of 'strong customer authentication' in e-commerce transactions, until 14 September 2021. 

The FCA had already turned a blind eye to the threshold for applying SCA to contactless card transactions, in light of the role that contactless cards play in social distancing.

The FCA still expects firms to follow the industry implementation plan agreed with UK Finance, though that can now be extended to the new deadline.
Posted by Pragmatist 0 comments
Labels: , , , , , , , ,

Monday, 6 April 2020

FCA Turns Blind Eye To SCA For Contactless Card Payments

The introduction of 'strong customer authentication' (SCA) - also known as 'two factor authentication' or 'multi-factor authentication' for remote and electronic payment transactions has had a checkered history. Payment service providers should have been challenging customers to provide extra authentication details from 14 September 2019. But lack of industry preparation led the FCA (in line with the European Banking Authority and other EU national regulators) to state that it will not enforce the requirement until 14 March 2021, so long as PSPs are following an agreed industry plan to introduce the checks. In light of the COVID19 crisis, the FCA has now added:
"...we are very unlikely to take enforcement action if a firm does not apply strong customer authentication when the cumulative amount of transaction values has exceeded EUR 150 or five contactless transactions in a row. But this is only as long as the firm sufficiently mitigates the risk of unauthorised transactions and fraud, by having the necessary fraud monitoring tools and systems in place and taking swift action where appropriate."
Further time may also be allowed for introducing SCA for e-commerce payments generally, beyond 14 March 2021.

Meanwhile, the date for applying regulatory standards to secure communications amongst PSPs was also deferred from 19 September 2019 to 14 March 2020, yet some PSPs have not complied. The FCA is also letting them off the hook, where they are "facing further delays due to coronavirus:
"...we will consider on a case-by-case basis the appropriate further measures. In doing so, we will in particular consider:
  • firms’ security around authentication to access their online banking and when making payments;
  • their controls and processes to reduce fraud;
  • whether that impact is likely to be exacerbated given the current circumstances."
 
Posted by Pragmatist 0 comments
Labels: , , , , , , , ,
Subscribe to: Posts (Atom)