The UK’s Financial Conduct Authority (FCA) has confirmed an 18-month delay to the introduction of Secure Customer Authentication (SCA) rules in a bid to give firms more time to prepare.
As one of the most important legislations affecting the financial sector, the requirement stipulates stronger payment security standards for higher value transactions based on multifactor authentication, increasing the security of electronic payments.
The FT reported that the FCA said it will not take “any action against firms that are not ready for the rules in September, as long as there is evidence that they have taken the necessary steps to meet its longer transition plan, which will require firms to fully comply by March 2021.”
According to data published by the FCA, reports of cyber incidents at financial services firms increased 1,000% in 2018, and this figure is only expected to rise with the growth in mobile payments.
Jeremy Drew, Co-Head of Retail at law firm RPC commented: “Retailers are going to be delighted that the FCA is taking a pragmatic approach to enforcement of SCA. There has been real concern that some of the security solutions being offered to retailers were going to be so jarring to consumers that they would abandon purchases at the online checkout stage.”
“This gives more time for proper tests to be done on the technology to make sure it’s both secure and customer friendly.”
Insurtech startup Concirrus raises $6m
Jason Tooley, Chief Revenue Officer at Veridium, added: “It is disappointing to see such resistance from the financial services sector towards integrating Strong Customer Authentication into its services. Financial institutions and payment service providers have had nearly two years to prepare since the initial announcement, and there is no valid excuse for the delay in its enforcement apart from an unwillingness to participate. It would be interesting to understand the prioritisation of PSD2 Strong Customer Authentication as I’m aware that a number of financial services organisations viewed this as a business differentiator.”
“Whilst it is true that consumers will see minor changes to their day-to-day spending, the additional layer of security on higher value payments will enable consumers to benefit from safer and more innovative electronic payment services. The impact on consumers must not be overlooked by the lengthy delay in enforcement; Strong Customer Authentication will mean consumers are more confident when buying online – not act as a deterrent to sales as some have incorrectly suggested.”