Pandemic raises concerns over SCA deadline

The European payments industry may not be prepared to reach the deadline for strong customer authentication (SCA) as it attempts to mitigate the coronavirus outbreak, some market participants say. Uncertainty pervades the sector ahead of the December 2020 deadline for the EU and March 2021 deadline for the UK, with travel and retail sectors struggling. …

by | April 1, 2020 | bobsguide

The European payments industry may not be prepared to reach the deadline for strong customer authentication (SCA) as it attempts to mitigate the coronavirus outbreak, some market participants say.

Uncertainty pervades the sector ahead of the December 2020 deadline for the EU and March 2021 deadline for the UK, with travel and retail sectors struggling.

“Coronavirus has hit the retail sector hard in every conceivable way, even in payments. 2020 should have been the year in which online merchants were able to transition to a fully PSD2-compliant processing of card payments… But now retailers have other worries, they need to be able to retain employees and compensate for lost sales,” said Henning Brandt, head of communication at payment service provider Computop, in an email.

“Whilst wavering between ‘all hands-on deck’ and short-time work, the optimisation of internal processes quickly falls by the wayside. The next few weeks in retail will show whether the delays are so serious that they can no longer be accommodated, but ultimately this decision will fall to the national supervisory authorities.”

Designed to provide more secure payments under the European Union’s Second Payment Services Directive (PSD2), the SCA protocol had an original deadline of September 2019. That deadline was extended as many market participants struggled to implement the three-factor authentication that it mandated.

The European Banking Authority (EBA) does not have a plan to extend the deadline further, focusing instead on how to maintain well-functioning payment services during the current pandemic, according to a spokesperson.  

“All other requirements set out in the Opinion remain unchanged, including the end date of the additional transition period [to SCA]. The EBA will continue to monitor events and assess which, if any, additional measures need to be taken,” they said, via email. The EBA has however removed the need for National Competent Authorities (NCAs) to report their SCA readiness by March 31, 2020.

For many players in the travel and retail industries, reaching SCA compliance has been a challenge. According to an October 2019 study by Amadeus, only 35 percent of travel and hospitality businesses would have been ready for the previous deadline, with 65 percent believing SCA would have a negative impact on their online sales. With uncertainty over how long the pandemic will last and what the long-term effects will be on travel, hospitality and retail, it is unclear whether businesses can make headway before December.

Tom Jenkins, CEO of the European Tourism Association (ETOA) describes a time of “genuine crisis” for many companies. He speculates that any non-immediate issue, including impending directives, will be overlooked for the foreseeable future.

“In a knife fight for survival no one’s going to discuss the wallpaper,” says Jenkins.

Changes have already been made by the EBA and NCAs to accommodate the payment space during the pandemic. Payment service providers (PSPs) have been encouraged to increase the threshold of their contactless limits to £45/€50, exemptions which were already existing through Article 11 of the Regulatory Technical Standards (RTS) on SCA.

According to a spokesperson at UK Finance, an increase on the contactless limit was already being considered by the payments industry, but the change was introduced more quickly as part of the industry’s response to the coronavirus outbreak. The increased threshold will remain post-pandemic.

"Some things can happen surprisingly fast,“ said Brandt. 

Categories:

Resources

Revenue Management: How Banks Can Create Streamlined Processes and Provide Value

Other | Banking Revenue Management: How Banks Can Create Streamlined Processes and Provide Value

SunTec Business Solutions

Revenue Management: How Banks Can Create Streamlined Processes and Provide Value

Revenue management is a crucial process for banks. From customer onboarding to deal evaluation and designing new deals, there are… Continue Reading

View resource
Digital Banking Engagement Hubs

White Paper | Banking Digital Banking Engagement Hubs

Infosys Limited

Digital Banking Engagement Hubs

In our 30-criterion evaluation of digital banking engagement hub providers, we identified the nine most significant ones — Backbase, CREALOGIX,… Continue Reading

View resource
CompatibL Cloud Q&A

Brochure / Fact Sheet | Banking CompatibL Cloud Q&A

CompatibL Technologies LLC

CompatibL Cloud Q&A

Alexander Sokol, CompatibL’s Executive Chairman and Head of Quant Research, took part in a Q&A session on cloud computing in… Continue Reading

View resource
The FBI Got Hacked | The Cyber Show, Ep 10 by ThreatAdvice

Video | Banking The FBI Got Hacked | The Cyber Show, Ep 10 by ThreatAdvice

NXTsoft

The FBI Got Hacked | The Cyber Show, Ep 10 by ThreatAdvice

Anyone can fall victim to cyberattacks, and the FBI is no exception. Earlier this month, their email servers were hacked… Continue Reading

View resource