The Financial Conduct Authority (FCA) has finalised a plan to give e-commerce players, such as card issuers, payments firm and online retailers, a grace period of up to eighteen months to implement Strong Customer Authentication (SCA) rules instead of by 14 September 2019.
The new Strong Customer Authentication (SCA) rules under the revised Payment Services Directive (PSD2) are new benchmark requirements that organisations across Europe will need to abide by to authenticate their customers and to reduce instances of fraud, especially during the payment stage.
Initially, organisations across Europe were required to change their authentication processes to implement SCA rules by 14 September 2019. However, FCA had asked for more time for the e-commerce industry, stating that given the complexity of SCA requirements, the lack of industry preparedness, and the potential of significant disruption for consumers, industry needed more time.
Responding to the European Banking Authority's decision to fully implement new SCA rules by September this year, FCA said that before making the new rules mandatory for e-commerce players, it needed to "agree a plan with stakeholders across the industry that encompasses a blueprint for compliance and readiness, a timetable for achieving this, and key milestones and targets to deliver improved security of customer authentication and fraud reduction along the way".
E-commerce industry gets 18 months to implement SCA rules: FCA
Earlier this week, FCA announced that it has agreed on an eighteen-month plan with the e-commerce industry to fully implement the new Strong Customer Authentication (SCA) rules which will enhance the security of payments and limit fraud once implemented.
"The FCA has been working with the industry to put in place stronger means of ensuring that anyone seeking to make payments is not a fraudster. While these measures will reduce fraud, we want to make sure that they won’t cause a material disruption to consumers themselves; so we have agreed a phased plan for their timely introduction," said Jonathan Davidson, Executive Director for Supervision – Retail and Authorisations.
"The FCA will not take enforcement action against firms if they do not meet the relevant requirements for SCA from 14 September 2019 in areas covered by the agreed plan, where there is evidence that they have taken the necessary steps to comply with the plan. At the end of the 18-month period, the FCA expects all firms to have made the necessary changes and undertaken the required testing to apply SCA.
"The FCA will also continue to monitor the extent to which banks and payment service providers are meeting its expectation that they consider the impact of SCA on different groups of consumers, and provide alternative means of authentication where needed," the industry watchdog said in a press release.
ALSO READ: Cyber resilience still a top concern for most UK firms: FCA