Today, the UK’s Financial Conduct Authority (FCA) has confirmed an 18-month delay to the introduction of Secure Customer Authentication (SCA) rules – one of the most important legislations affecting the financial sector – in a bid to give firms more time to prepare.
As part of the PSD2 directive, the requirement stipulates stronger payment security standards for higher value transactions based on multifactor authentication, increasing the security of electronic payments. In our increasingly digitalised world and with the explosion in cybercrime, identity theft and fraud, online payments must look to set a standard that meets the expectations of the consumer.
According to data published by the FCA, reports of cyber incidents at financial services firms increased 1,000 per cent in 2018, and this figure is only expected to rise with the growth in mobile payments.
Despite fraud losses on UK-issued cards increasing 19% to £671.4 million last year, the FCA has bowed to pressure applied by the financial services community in extending the deadline. Jason Tooley, Chief Revenue Officer at Veridium, highlights the unacceptable length of the delay and the misalignment of expectations when consumers are entitled to enhanced, secure digital experiences. In response, more and more organisations daily are turning to a strategy of mobile and biometric based authentication in order to help support the required regulatory compliance.
Tooley comments: “It is disappointing to see such resistance from the financial services sector towards integrating Strong Customer Authentication into its services. Financial institutions and payment service providers have had nearly two years to prepare since the initial announcement, and there is no valid excuse for the delay in its enforcement apart from an unwillingness to participate. It would be interesting to understand the prioritisation of PSD2 Strong Customer Authentication as I’m aware that a number of financial services organisations viewed this as a business differentiator.”
“Whilst it is true that consumers will see minor changes to their day-to-day spending, the additional layer of security on higher value payments will enable consumers to benefit from safer and more innovative electronic payment services. The impact on consumers must not be overlooked by the lengthy delay in enforcement; Strong Customer Authentication will mean consumers are more confident when buying online – not act as a deterrent to sales as some have incorrectly suggested.”
But some see the delay as good news. Andrew Cregan, Payments Policy Advisor at the British Retail Consortium, welcomed the plan, saying: “The decision by the FCA avoids a payments cliff-edge, whereby 25-30% of e-commerce transactions made online after 14th September would have been at risk of failing as a result of the new laws. The 18 month, phased implementation of Strong Customer Authentication should allow retailers and banks time to put in place the necessary technical fixes required, and minimise any disruption in online transactions.
He continues: “The BRC supports the implementation of Strong Customer Authentication, which will strengthen the protections that customers have in their digital purchases. We are working closely with our members on this issue, however it is vital that the FCA keeps up the pressure on banks and payment service providers to deliver solutions in a time to avoid another cliff-edge in 18 months for retailers and other businesses on the front line.”