FCA says e-commerce industry needs 18 months to be fully SCA-compliant

FCA says e-commerce industry needs 18 months to be fully SCA-compliant

FCA e-commerce SCA rules

The Financial Conduct Authority (FCA) has finalised a plan to give e-commerce players, such as card issuers, payments firm and online retailers, a grace period of up to eighteen months to implement Strong Customer Authentication (SCA) rules instead of by 14 September 2019.

The new Strong Customer Authentication (SCA) rules under the revised Payment Services Directive (PSD2) are new benchmark requirements that organisations across Europe will need to abide by to authenticate their customers and to reduce instances of fraud, especially during the payment stage.

Initially, organisations across Europe were required to change their authentication processes to implement SCA rules by 14 September 2019. However, FCA had asked for more time for the e-commerce industry, stating that given the complexity of SCA requirements, the lack of industry preparedness, and the potential of significant disruption for consumers, industry needed more time.

Responding to the European Banking Authority's decision to fully implement new SCA rules by September this year, FCA said that before making the new rules mandatory for e-commerce players, it needed to "agree a plan with stakeholders across the industry that encompasses a blueprint for compliance and readiness, a timetable for achieving this, and key milestones and targets to deliver improved security of customer authentication and fraud reduction along the way".

E-commerce industry gets 18 months to implement SCA rules: FCA

Earlier this week, FCA announced that it has agreed on an eighteen-month plan with the e-commerce industry to fully implement the new Strong Customer Authentication (SCA) rules which will enhance the security of payments and limit fraud once implemented.

"The FCA has been working with the industry to put in place stronger means of ensuring that anyone seeking to make payments is not a fraudster. While these measures will reduce fraud, we want to make sure that they won’t cause a material disruption to consumers themselves; so we have agreed a phased plan for their timely introduction," said Jonathan Davidson, Executive Director for Supervision – Retail and Authorisations.

"The FCA will not take enforcement action against firms if they do not meet the relevant requirements for SCA from 14 September 2019 in areas covered by the agreed plan, where there is evidence that they have taken the necessary steps to comply with the plan. At the end of the 18-month period, the FCA expects all firms to have made the necessary changes and undertaken the required testing to apply SCA.

"The FCA will also continue to monitor the extent to which banks and payment service providers are meeting its expectation that they consider the impact of SCA on different groups of consumers, and provide alternative means of authentication where needed," the industry watchdog said in a press release.

ALSO READ: Cyber resilience still a top concern for most UK firms: FCA

Copyright Lyonsdown Limited 2020

Top Articles

Universal Health Services lost $67m to a Ryuk ransomware attack last year

Universal Health Services said the cyber attack cost it $67 million in remediation efforts, loss of acute care services, and other expenses.

How the human immune system inspired a new approach to cyber-security

Artificial intelligence is being used to understand what’s ‘normal’ inside digital systems and autonomously fight back against cyber-threats

Solarwinds CEO blames former intern for hilarious password fiasco

SolarWinds has accused a former intern of creating a very weak password for its update server and storing it on a GitHub server for months.

Related Articles