Extension to be allowed on strong customer authentication
The European Banking Authority has announced that firms are to be given leeway on implementation of strong customer authentication.
Over recent months, it has become clear that many payment service providers (PSPs) and other players in the payments chain will not be ready to introduce strong customer authentication (SCA) from the deadline of 14 September given in the European Banking Authority’s (EBA) regulatory technical requirements (RTS). SCA requires that authentication for payments and data sharing under PSD2 be done using two-factors.
The Authority has therefore given way to industry pressure and published an opinion, stating that firms which are not ready may negotiate ‘limited extra time’ with their competent authority – in the UK this is the Financial Conduct Authority (FCA). The condition of such an extension is that firms agree an implementation plan with the FCA and execute it in an ‘expedited manner’.
This will be very good news for a large number of companies in the UK who have feared that services using payment data, such as SME accounting and personal finance apps would cease to function properly from 14 September if access to the screen-scraping services they normally use were switched off.
Two of three factors must be present to authenticate a transaction: these are something the customer knows, something they possess and something that is inherent to them. The EBA opinion also gives further detailed explanation of what factors can be included in these three categories. For example biometrics, including iris scans, keystroke analysis and voice recognition do fall within ‘inherence’ while swiping patterns do not. Having an app ‘bound’ to a device through a smart chip does count as possession, while the numbers printed on the back of a card do not.
Latest News from
G7 Summit: techUK urges leaders to align on digital policies23/08/2019 10:05:00
Ahead of the G7 Summit, techUK urges leaders to make progress in aligning digital policies and boosting the growth of the digital economy.
Explaining adequacy; personal data transfers to the EEA under no deal22/08/2019 16:25:00
Transfering personal data from to the EEA will become harder under no deal, here techUK explains why, and the next steps the UK should take.
PublicTechnology catch up with GDS Innovation lead Sue Bateman22/08/2019 13:05:00
GDS Innovation Lead Sue Bateman explores the Innovation Strategy’s chances of a lasting-legacy.
New Local Public Services Committee announced21/08/2019 14:15:00
techUK delighted to announce the members of the Local Public Services Committee.
Local Digital Fund open for next round of funding for councils20/08/2019 13:05:00
Councils looking to improve public services through digital technology can apply for funding from today.
Justice & Emergency Services Management Committee: Quarterly Statement16/08/2019 09:20:00
Following on from the great engagement from the Chair’s Interim Statement in May, the Justice & Emergency Services Management Committee are releasing a quarterly communication.
£250m NHS AI Lab Announced15/08/2019 11:10:00
The Prime Minister, Health Secretary, NHS CEO and NHSX CEO came out in force last week to announce a £250m fund to ‘boost artificial intelligence to solve some of the biggest challenges facing the NHS’.
Government announce CSIIF funding and UK Cyber Council Delivery Lead14/08/2019 16:05:00
The third round of funding through the Cyber Skills Immediate Impact Fund (CSIIF) has been launched today by Cyber Security Minister Nigel Adams.