Extension to be allowed on strong customer authentication
The European Banking Authority has announced that firms are to be given leeway on implementation of strong customer authentication.
Over recent months, it has become clear that many payment service providers (PSPs) and other players in the payments chain will not be ready to introduce strong customer authentication (SCA) from the deadline of 14 September given in the European Banking Authority’s (EBA) regulatory technical requirements (RTS). SCA requires that authentication for payments and data sharing under PSD2 be done using two-factors.
The Authority has therefore given way to industry pressure and published an opinion, stating that firms which are not ready may negotiate ‘limited extra time’ with their competent authority – in the UK this is the Financial Conduct Authority (FCA). The condition of such an extension is that firms agree an implementation plan with the FCA and execute it in an ‘expedited manner’.
This will be very good news for a large number of companies in the UK who have feared that services using payment data, such as SME accounting and personal finance apps would cease to function properly from 14 September if access to the screen-scraping services they normally use were switched off.
Two of three factors must be present to authenticate a transaction: these are something the customer knows, something they possess and something that is inherent to them. The EBA opinion also gives further detailed explanation of what factors can be included in these three categories. For example biometrics, including iris scans, keystroke analysis and voice recognition do fall within ‘inherence’ while swiping patterns do not. Having an app ‘bound’ to a device through a smart chip does count as possession, while the numbers printed on the back of a card do not.
Latest News from
techUK CEO responds to the Chancellor's Winter Economy Plan25/09/2020 16:25:00
The Chancellor's Winter Economy Plan creates a new Job Support Scheme as well as more flexible loan repayments for firms.
techUK’s COVID-19 local government repository of tech & innovation25/09/2020 11:25:00
A collation of case studies from techUK’s Local Public Services Committee council & public sector partners on how they’ve innovatively responded to the crisis...
New trial to offer streamlined use of GOV.UK24/09/2020 17:11:00
A trial is being carried out to make government services easier to use online.
Government launches COVID-19 contact tracing app in England and Wales24/09/2020 16:25:00
The public is being urged to download the app in order to help reduce the spread of the virus.
DCMS announces Telecoms Diversification Task Force24/09/2020 11:25:00
Digital Secretary announces line-up of task force to advise on bold interventions to open up and grow the telecoms market in the UK.
Announcing techUK's September Cloud Security Champion!23/09/2020 11:25:00
techUK is delighted to announce that Lesley Kipling, Chief Security Advisor at Microsoft is this month's Cloud Security Champion.
techUK joins global industry in raising concerns over India NPD Report22/09/2020 11:25:00
techUK has joined a global industry coalition to raise concerns about the proposals in the Report by the Committee of Experts on Non-Personal Data Governance Framework.
Green Government: ICT and digital services strategy published21/09/2020 16:25:00
Defra has published its Greening government: ICT and digital services strategy 2020-2025.