UK payment providers push ahead with SCA

Payment providers operating in the UK are still planning to introduce Strong Customer Authentication (SCA) this year – despite regulators giving them until next March (2022) to comply. The new rules, which require a two-step verification process for all online purchases, were due to come into force on September 14, but the Financial Conduct Authority …

by | June 1, 2021 | bobsguide

Payment providers operating in the UK are still planning to introduce Strong Customer Authentication (SCA) this year – despite regulators giving them until next March (2022) to comply.

The new rules, which require a two-step verification process for all online purchases, were due to come into force on September 14, but the Financial Conduct Authority has announced a further six month extension to minimise disruption to merchants and consumers.

“The new March 14, 2022, deadline is the latest we expect full SCA compliance for e-commerce transactions,” it said in a statement.

However, Jana Mackintosh, managing director of payments and innovation at industry body UK Finance, said providers expected to be compliant over the coming months.

“Firms will continue to work towards implementing Strong Customer Authentication from June 2021 as planned,” she said.

Mackintosh pointed out that while the enforcement deadline has been pushed back, the industry continues to fight fraud on all fronts.

“It’s investing millions in advanced security systems to protect customers and supporting law enforcement to combat the organised criminal groups responsible for fraud,” she added.

Mark Anderson, multipay product manager at PayPoint, welcomed the FCA’s decision to give the industry some more breathing space as the country emerges from lockdown.

“The FCA’s decision to extend the deadline simply reflects its understanding of the challenges online businesses have faced and gives them more time to employ the strongest customer authentication (SCA) processes for the long-term,” he said.

However, Anderson emphasised that implementing SCA by the new deadline will still be critical for any business accepting card payments.

“While many may not have the resources available to invest in the changes required, by working with a digital payment provider they can quickly and cost-effectively protect their customers and comply with the regulations,” he added.

Anderson also pointed out that existing merchants had reported positive effects of increased security measures and weren’t against the new regulations.

“They have significantly enhanced their control of the authentication process without sacrificing the user experience, making it a win-win for businesses and their customers,” he added.

Other payment providers we contacted this week were less willing to go on the record with reactions to the FCA’s extension.

PayPal declined to comment, while Stripe confirmed it will work to the FCA’s guidelines.

The SCA standards were developed under the second EU Payment Services Directive (PSD2) and came into UK law following Brexit.

The aim was to enhance security and limit fraud by ensuring banks and payment providers know the person requesting access to the account is either the customer or has their consent.

While the new standards took effect in EU law back in September 2019, the European Banking Authority (EBA) granted national authorities permission to relax their approach to enforcement.

The FCA had previously endorsed an industry-led plan to be fully compliant by March 14, this year – along with regular milestones to achieve certain goals. It then moved the deadline back six months to September 14, in response to the coronavirus crisis, saying at the time that this represented “exceptional circumstances” for everyone.

With its latest extension, the FCA once again highlighted the ongoing challenges facing the industry to be ready by this deadline.

“We previously agreed to give firms extra time to implement SCA for card-based e-commerce transactions in response to concerns about industry readiness, and to limit the impact on consumers and merchants,” it stated.

However, the statement also emphasised the importance of embracing the new regulations.

“We welcome the implementation of SCA solutions which protect consumers while minimising the potential for disruption to customers and merchants,” it added. “We still expect firms to continue to take robust action to reduce the risk of fraud.”

Andrew Barber, a payments expert at law firm Pinsent Masons, believes this latest extension shows just how monumental a task it is for merchants to implement SCA for e-commerce transactions.

“Given the sheer scale of e-commerce activities and the complexity of the systems involved, the initial implementation period the EU set for SCA was clearly ambitious and the FCA is now rightly making adjustments to meet the realities of what industry is able to achieve,” he said.

Barber pointed out that the lesson to be learned was for industry and regulators to engage early and fully, while setting achievable timelines.

Rebecca Kimber, chief executive officer of Create.net, a Brighton-based provider of e-commerce websites, believes the extension will be welcomed by traders.

“From our store owners’ perspectives, it’s one less thing to worry about amongst the pandemic and Brexit-related changes like the upcoming EU VAT changes,” she said. “However, it’s a blow to greater security of online payments and the reduction in fraud which affects a lot of small businesses.”

Categories:

Resources

Corporate Cash Management Playbook

White Paper | Banking Corporate Cash Management Playbook

Infosys Limited

Corporate Cash Management Playbook

The ongoing global pandemic has exposed glaring inadequacies in the cash management system for banks. Fewer than 14 percent of… Continue Reading

View resource
WorldRemit: a ReconArt success story in remittance

Case Study | Payments WorldRemit: a ReconArt success story in remittance

ReconArt

WorldRemit: a ReconArt success story in remittance

While WorldRemit was growing fast, its existing reconciliation processes needed to scale up accordingly. Due to the high volume of… Continue Reading

View resource
The remittance industry & reconciliation: the ReconArt perspective

Case Study | Payments The remittance industry & reconciliation: the ReconArt perspective

ReconArt

The remittance industry & reconciliation: the ReconArt perspective

The role of each of the payment industry players requires overcoming infrastructure obstacles, penetrating diverse environments and tackling challenges concerning… Continue Reading

View resource
Stepping up Conduct Surveillance: 10 Must-Haves for Success

Brochure / Fact Sheet | Compliance Stepping up Conduct Surveillance: 10 Must-Haves for Success

NICE Actimize

Stepping up Conduct Surveillance: 10 Must-Haves for Success

  In every corner of the world, regulators are aggressively pursuing firms for conduct infractions, ranging from rogue trading to… Continue Reading

View resource