SCA: enforcement delayed
The FCA has taken the decision to delay the enforcement of strong customer authentication (SCA), set in the Payment Services Regulations 2017 (PSRs), by a further 18 months.
Strong Customer Authentication, are intended to enhance the security of payments and limit fraud during this authentication process. SCA affects the way banks or other payment services providers check that the person requesting access to their account or trying to make a payment is the person permitted to make a payment and validate specific payment instructions.
SCA applies when a payer:
- initiates an electronic payment transaction
- accesses their payment account online
- carries out any action remotely that may imply a risk of payment fraud
The new deadline for enforcement of SCA is now 14 March 2021. Any firm that fails to comply with the requirements for SCA, after this date, will be subject to full FCA supervisory and enforcement action as appropriate.
The FCA indicated that all parties involved in card-not-present transactions, both FCA regulated and unregulated, should continue to work together over the next 18 months to ensure the smooth and timely implementation of SCA by 14 March 2021.
SCA and PSD2: same deadline but a 6-month transition period
Account servicing payment service providers are required to have a PSD2-compliant way to provide TPPs with access to account data and payment functionality by 14 September 2019. This is either by a dedicated interface based on application programming interface standards or a modified customer interface. This remains the case.
However, to avoid disruption to consumers and TPPs the FCA has agreed an adjustment period of six months. Therefore, in certain circumstances, firms have until 14 March 2020 to implement SCA for online banking.
After 14 March 2020, failure to comply with the requirements for SCA and identification will be subject to full FCA supervisory and enforcement action as appropriate.
This is likely to mean that some, but not all, customers may not be asked for strong customer authentication when accessing their account online until 14 March 2020. Firms are expected to communicate with customers about any relevant changes to their online banking, including timings of such changes.
Latest News from
techUK encourages the UK government to seek membership of DEPA18/02/2020 14:05:00
techUK outlines its support for the UK to join the Digital Economy Partnership Agreement.
UK SPF Cluster 4 Chair Nominations Open18/02/2020 11:25:00
Cluster 4 focuses on international spectrum.
Staying Safe Online Campaign Week17/02/2020 16:25:00
Welcome to our #StayingSafeOnline Campaign Week! 17-21 February.
Introduction to our Staying Safe Online campaign week17/02/2020 11:20:00
We will focus on one theme a day with guest blogs, case studies and videos that explore the impact of the theme on the cyber industry.
Staying Safe Online Campaign Week14/02/2020 15:05:00
Welcome to our #StayingSafeOnline Campaign Week! This week will provide an opportunity for our members and stakeholders to share their analysis and advice on how to stay safe online in an increasingly complex digital environment.
Local digital adult social care projects awarded funding13/02/2020 15:10:00
This week, NHS Digital announced that sixteen organisations that provide and commission adult social care services are to receive a share of £4.5m to enable them to roll out their local digital projects on a wider scale.
techUK comments on Online Harms White Paper initial response12/02/2020 14:25:00
Vinous Ali, associate director of policy, comments on the Government's initial consultation response to the the Online Harms White Paper.
techUK supports #SaferInternetDay 202011/02/2020 16:25:00
techUK is proud to support #SID2020 as we seek to build a better and safer internet for all.