UK regulatory body Financial Conduct Authority (FCA) has published a new plan for the payments and e-commerce industry to extend strong customer authentication (SCA) implementation.
FCA has arranged an 18-month plan to implement SCA in co-operation with the e-commerce industry of card issuers, payments firm and online retailers – extending the original deadline of 14 September 2019.
Jonathan Davidson, executive director, supervision, retail and authorisations, explained: “The FCA has been working with the industry to put in place stronger means of ensuring that anyone seeking to make payments is not a fraudster.
“While these measures will reduce fraud, we want to make sure that they won’t cause material disruption to consumers themselves; so we have agreed a phased plan for their timely introduction.”
The plan follows a recent opinion released by the European Banking Authority (EBA) which noted the need to delay the enforcement of SCA due to “the complexity of the requirements, a lack of preparedness and the potential for a significant impact on consumers.”
Alongside this was another report released by the Emerging Payments Association (EPA) which found 75% of issuers said they would be ready for the 14 September deadline but only from a compliance standpoint not operational.
Firms who do not meet the relevant requirements for SCA from 14 September 2019 will not be met with repercussions so long as “there is evidence that they have taken the necessary steps to comply with the plan.”
The FCA concluded by noting at the end of the 18-month period, it expects all firms to have made the necessary changes and undertaken the required testing to apply SCA.
Speaking to Payment Expert, Steve Cook, specialist biometrics and digital identity consultant, said the delay is a smart move simply due to the fact you cannot let security falter.
He said: “It is very likely that the majority of financial institutions would have already deployed a number of biometric modalities by then for the benefit of their customers in offering an alternative to passwords, PINs and OTPs.
“As we know passwords are unreliable and can be hacked or stolen. In order to improve the user experience and create a frictionless customer journey, biometrics are seen as one alternative to the issues in solving the digital identity puzzle.
“So by March 2021, integrating SCA should be relatively straight forward if customers are already using a biometric credential to verify their identity on a daily basis.”