FCA says e-commerce industry needs 18 months to be fully SCA-compliant

FCA says e-commerce industry needs 18 months to be fully SCA-compliant

FCA e-commerce SCA rules

The Financial Conduct Authority (FCA) has finalised a plan to give e-commerce players, such as card issuers, payments firm and online retailers, a grace period of up to eighteen months to implement Strong Customer Authentication (SCA) rules instead of by 14 September 2019.

The new Strong Customer Authentication (SCA) rules under the revised Payment Services Directive (PSD2) are new benchmark requirements that organisations across Europe will need to abide by to authenticate their customers and to reduce instances of fraud, especially during the payment stage.

Initially, organisations across Europe were required to change their authentication processes to implement SCA rules by 14 September 2019. However, FCA had asked for more time for the e-commerce industry, stating that given the complexity of SCA requirements, the lack of industry preparedness, and the potential of significant disruption for consumers, industry needed more time.

Responding to the European Banking Authority’s decision to fully implement new SCA rules by September this year, FCA said that before making the new rules mandatory for e-commerce players, it needed to “agree a plan with stakeholders across the industry that encompasses a blueprint for compliance and readiness, a timetable for achieving this, and key milestones and targets to deliver improved security of customer authentication and fraud reduction along the way”.

E-commerce industry gets 18 months to implement SCA rules: FCA

Earlier this week, FCA announced that it has agreed on an eighteen-month plan with the e-commerce industry to fully implement the new Strong Customer Authentication (SCA) rules which will enhance the security of payments and limit fraud once implemented.

“The FCA has been working with the industry to put in place stronger means of ensuring that anyone seeking to make payments is not a fraudster. While these measures will reduce fraud, we want to make sure that they won’t cause a material disruption to consumers themselves; so we have agreed a phased plan for their timely introduction,” said Jonathan Davidson, Executive Director for Supervision – Retail and Authorisations.

“The FCA will not take enforcement action against firms if they do not meet the relevant requirements for SCA from 14 September 2019 in areas covered by the agreed plan, where there is evidence that they have taken the necessary steps to comply with the plan. At the end of the 18-month period, the FCA expects all firms to have made the necessary changes and undertaken the required testing to apply SCA.

“The FCA will also continue to monitor the extent to which banks and payment service providers are meeting its expectation that they consider the impact of SCA on different groups of consumers, and provide alternative means of authentication where needed,” the industry watchdog said in a press release.

ALSO READ: Cyber resilience still a top concern for most UK firms: FCA

Copyright Lyonsdown Limited 2021

Top Articles

Hackers are using hacked Chipotle email account to steal your passwords

Hackers have reportedly taken control of an email marketing account used by the Chipotle food chain and are using the account to fool Internet users to share their personal information…

Hackney Council exposed personal details of vulnerable citizens online

Hackney Council committed an IT blunder that publicly exposed the names and addresses of women placed in temporary accommodation for their own safety.

US medical imaging firm Express MRI discovers a major security breach

Express MRI suffered a security breach in July last year that potentially compromised the personal healthcare information of patients.

Related Articles

[s2Member-Login login_redirect=”https://www.teiss.co.uk” /]