Extension to be allowed on strong customer authentication
The European Banking Authority has announced that firms are to be given leeway on implementation of strong customer authentication.
Over recent months, it has become clear that many payment service providers (PSPs) and other players in the payments chain will not be ready to introduce strong customer authentication (SCA) from the deadline of 14 September given in the European Banking Authority’s (EBA) regulatory technical requirements (RTS). SCA requires that authentication for payments and data sharing under PSD2 be done using two-factors.
The Authority has therefore given way to industry pressure and published an opinion, stating that firms which are not ready may negotiate ‘limited extra time’ with their competent authority – in the UK this is the Financial Conduct Authority (FCA). The condition of such an extension is that firms agree an implementation plan with the FCA and execute it in an ‘expedited manner’.
This will be very good news for a large number of companies in the UK who have feared that services using payment data, such as SME accounting and personal finance apps would cease to function properly from 14 September if access to the screen-scraping services they normally use were switched off.
Two of three factors must be present to authenticate a transaction: these are something the customer knows, something they possess and something that is inherent to them. The EBA opinion also gives further detailed explanation of what factors can be included in these three categories. For example biometrics, including iris scans, keystroke analysis and voice recognition do fall within ‘inherence’ while swiping patterns do not. Having an app ‘bound’ to a device through a smart chip does count as possession, while the numbers printed on the back of a card do not.
Latest News from
Staying Safe Online Campaign Week17/02/2020 16:25:00
Welcome to our #StayingSafeOnline Campaign Week! 17-21 February.
Introduction to our Staying Safe Online campaign week17/02/2020 11:20:00
We will focus on one theme a day with guest blogs, case studies and videos that explore the impact of the theme on the cyber industry.
Staying Safe Online Campaign Week14/02/2020 15:05:00
Welcome to our #StayingSafeOnline Campaign Week! This week will provide an opportunity for our members and stakeholders to share their analysis and advice on how to stay safe online in an increasingly complex digital environment.
Local digital adult social care projects awarded funding13/02/2020 15:10:00
This week, NHS Digital announced that sixteen organisations that provide and commission adult social care services are to receive a share of £4.5m to enable them to roll out their local digital projects on a wider scale.
techUK comments on Online Harms White Paper initial response12/02/2020 14:25:00
Vinous Ali, associate director of policy, comments on the Government's initial consultation response to the the Online Harms White Paper.
techUK supports #SaferInternetDay 202011/02/2020 16:25:00
techUK is proud to support #SID2020 as we seek to build a better and safer internet for all.
Future of public safety services campaign week11/02/2020 11:25:00
This week techUK will highlight what the future of public safety will look like in a digital age #futurepublicsafety.
Help shape techUK’s digital devolution work10/02/2020 16:25:00
techUK is resurrecting its Digital Devolution Working Group to help inform our new report ahead of the next metro mayor elections.