Pandemic raises concerns over SCA deadline

The European payments industry may not be prepared to reach the deadline for strong customer authentication (SCA) as it attempts to mitigate the coronavirus outbreak, some market participants say. Uncertainty pervades the sector ahead of the December 2020 deadline for the EU and March 2021 deadline for the UK, with travel and retail sectors struggling. …

by | April 1, 2020 | bobsguide

The European payments industry may not be prepared to reach the deadline for strong customer authentication (SCA) as it attempts to mitigate the coronavirus outbreak, some market participants say.

Uncertainty pervades the sector ahead of the December 2020 deadline for the EU and March 2021 deadline for the UK, with travel and retail sectors struggling.

“Coronavirus has hit the retail sector hard in every conceivable way, even in payments. 2020 should have been the year in which online merchants were able to transition to a fully PSD2-compliant processing of card payments… But now retailers have other worries, they need to be able to retain employees and compensate for lost sales,” said Henning Brandt, head of communication at payment service provider Computop, in an email.

“Whilst wavering between ‘all hands-on deck’ and short-time work, the optimisation of internal processes quickly falls by the wayside. The next few weeks in retail will show whether the delays are so serious that they can no longer be accommodated, but ultimately this decision will fall to the national supervisory authorities.”

Designed to provide more secure payments under the European Union’s Second Payment Services Directive (PSD2), the SCA protocol had an original deadline of September 2019. That deadline was extended as many market participants struggled to implement the three-factor authentication that it mandated.

The European Banking Authority (EBA) does not have a plan to extend the deadline further, focusing instead on how to maintain well-functioning payment services during the current pandemic, according to a spokesperson.  

“All other requirements set out in the Opinion remain unchanged, including the end date of the additional transition period [to SCA]. The EBA will continue to monitor events and assess which, if any, additional measures need to be taken,” they said, via email. The EBA has however removed the need for National Competent Authorities (NCAs) to report their SCA readiness by March 31, 2020.

For many players in the travel and retail industries, reaching SCA compliance has been a challenge. According to an October 2019 study by Amadeus, only 35 percent of travel and hospitality businesses would have been ready for the previous deadline, with 65 percent believing SCA would have a negative impact on their online sales. With uncertainty over how long the pandemic will last and what the long-term effects will be on travel, hospitality and retail, it is unclear whether businesses can make headway before December.

Tom Jenkins, CEO of the European Tourism Association (ETOA) describes a time of “genuine crisis” for many companies. He speculates that any non-immediate issue, including impending directives, will be overlooked for the foreseeable future.

“In a knife fight for survival no one’s going to discuss the wallpaper,” says Jenkins.

Changes have already been made by the EBA and NCAs to accommodate the payment space during the pandemic. Payment service providers (PSPs) have been encouraged to increase the threshold of their contactless limits to £45/€50, exemptions which were already existing through Article 11 of the Regulatory Technical Standards (RTS) on SCA.

According to a spokesperson at UK Finance, an increase on the contactless limit was already being considered by the payments industry, but the change was introduced more quickly as part of the industry’s response to the coronavirus outbreak. The increased threshold will remain post-pandemic.

"Some things can happen surprisingly fast,“ said Brandt. 

Categories:

Resources

API Connectivity Powering Digital Strategy, by NXTsoft

White Paper | Banking API Connectivity Powering Digital Strategy, by NXTsoft

NXTsoft

API Connectivity Powering Digital Strategy, by NXTsoft

Application programming interfaces (APIs) now serve as the critical device linking innovative technologies with fintech and core banking systems. This… Continue Reading

View resource
Deliver superior experience at every point along the customer journey.

Brochure / Fact Sheet | Banking Deliver superior experience at every point along the customer journey.

Appian Europe Ltd

Deliver superior experience at every point along the customer journey.

Leading retail and consumer financial institutions trust Appian to improve operational excellence and customer experience in retail banking. Appian retail… Continue Reading

View resource
Using Low-Code to Transform the AML and KYC Customer Journey

Anti-money laundering Using Low-Code to Transform the AML and KYC Customer Journey

Appian Europe Ltd

Using Low-Code to Transform the AML and KYC Customer Journey

Financial services organizations are under pressure to deliver a great customer experience while managing costs, risks, and compliance —all in… Continue Reading

View resource
What are the Responsibilities of a CISO?

Best Practice | Banking What are the Responsibilities of a CISO?

NXTsoft

What are the Responsibilities of a CISO?

A Chief Information Security Officer (CISO) is a senior-level executive accountable for overseeing all strategic, operational & financial aspects of… Continue Reading

View resource