New deadline set for March 2022
There is a well-known saying about only delaying the inevitable – and that seems to be applying to the UK’s implementation of Strong Customer Authentication (SCA) systems under the terms of the European Bank’s second Payment Services Directive (PSD2).
This week, the UK’s Financial Conduct Authority (FCA) announced a further delay to the implementation of SCA rules on e-commerce transactions – which are now pushed back to March 2022.
The FCA has acted after recognising that the effects of the Covid-19 pandemic has made business practice more challenging. But this is not the first Covid-related extension to the deadline for compliance.
Since March 2020, UK banks have been required to comply with the SCA rules for mobile and online banking but recognising that extending SCA rules to all e-commerce transaction required co-ordination of multiple parties and across multiple markets, the FCA granted an additional year for e-commerce SCA compliance.
An initial six-month extension, to September this year, was granted last year by the FCA following the devastating outbreak of Covid-19. Now, recognising the challenges still faced by the industry, the FCA has granted a further – and its statement implies final – extension to March 2022.
The PSD2 regulations require all e-commerce transactions above €30 to be subject to SCA processes. This anti-fraud protection requires two-stage proof before the transaction can be completed – and simple text message authentication systems do not meet the SCA threshold for security.
Commenting on the latest extension, Ensygnia Founder and Chairman, Richard H Harris said:
“UK businesses and payment service providers still have work to do to get everyone ready for SCA. The extension is welcome because so many firms are not ready today and have not made enough progress to be ready by September – many of them have just been concentrating on staying in business during the challenges of the past 12 months.
“But compliance with the rules will be required. The inevitable can be delayed, but it cannot be avoided,” he added. “And our Onescan platform and authentication system is ready to help. It can be up and running in weeks rather than months, and what’s more, it’s cloud-based nature means it can quickly scale to meet demand.”
Ensygnia’s Onescan platform uses specially created, token-based, encrypted QR codes to generate authentication from any mobile device. It doesn’t require any specialist app or download and doesn’t involve any central storage of personal data.
To find out more about Ensygnia Onescan, click here. You can also download our PSD2 and SCA compliance guide.