//alert(email); }); return false; You can register online or follow us on Twitter or LinkedIn to receive our latest news, events and publications. if( msg.text() !== '' ){ The cookie is set by addthis.com to determine the usage of Addthis.com service. It is mandatory to procure user consent prior to running these cookies on your website. The latest EBA Opinion, published on 16 October 2019, recommends that the period of supervisory flexibility for implementation of strong customer authentication (SCA) requirements under the second Payment Services Directive 2015/2366 (PSD2) should end on 31 December 2020, 15 and a half months after entry into force of the requirements on 14 September this year. The purpose of this cookie is to check whether or not the user has given their consent to the usage of cookies under the category 'Non-Necessary'. This delay follows an original opinion published by the EBA on 21 June 2019 (see our previous post on this here) which suggests that NCAs should temporarily suspend their enforcement on the SCA requirements. var msg = $( '.wysija-msg' ); This June opinion accepted that NCAs may exercise supervisory flexibility in order to grant PSPs limited additional time for SCA implementation, but did not set any definitive period for implementation. Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. setTimeout(function() { SCA, part of the Payment Services Directive (PSD2), requires merchants to introduce two-factor authentication when purchasing online. We anticipate the FCA will make a statement in the coming weeks as to whether it will continue with its migration plan, or whether it will revise its implementation timeline to align with the EBA Opinion. “While it’s tempting to relax a bit with an extension, we urge payment providers and merchants to avoid kicking the can down the road and on-board new SCA implementation systems early to iron out any kinks and ensure they are fully compliant in time for the revised deadline. EBA standing firm on SCA. This cookie is set by addthis.com on sites that allows sharing on social media. NCAs subsequently started to publish their own migration plans (including the UK, French and Danish regulators which each announced an 18 month enforcement delay until March 2021). The first of these is a 31 December 2019 deadline for PSPs to inform their national regulators of the authentication methods they are making available to customers and which comply under SCA. This cookie is installed by Google Analytics and collects information on how users interact with the website. This would put a dampener on the festive season come December 2020.”. require PSPs to meet the various “milestones” and “expected actions” during the migration period (see table 1 and table 2 starting on page 5 of the Opinion for more details); communicate to PSPs within their jurisdiction that the supervisory flexibility granted by NCAs does not represent a delay in the SCA application date, but a non-enforcement period (where NCAs will not take sanction actions against PSPs provided that they comply with the milestones and expected actions found within the Opinion); and. © 2014 TAS S.p.A. All rights reserved. }); consumers that may not have a mobile phone or online banking but that make card purchases online. Whistle blowing policies – why have them and what to put in them? Therefore, NCAs should communicate to their PSPs that the liability regime under Article 74 of the PSD2 applies and that issuing and acquiring PSPs are still liable for unauthorised payment transactions. Is the primary cookie that records the user consent for the usage of the cookies upon accept and reject. The European Banking Authority (EBA) has released a new opinion on strong customer authentication (SCA), revealing a possible route for extensions ahead of the September 14 deadline.. Five myths about fixed-term employment contracts. This cookie is used to measure the number and behavior of the visitors to the website anonymously. //window.location.replace( 'http://your_thank_you_page_url' ); The EBA, working in partnership with payment service providers, acquirers, issuers, merchants, and the payment networks, published its opinion on the deadline and process for completing the migration to SCA. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc. These cookies track visitors across websites and collect information to provide customized ads. The cookies store information anonymously and assigns a randomly generated number to identify unique visitors. - P.I. For many players in the travel and retail industries, reaching SCA compliance has been a challenge. Initially scheduled for introduction on 14 September, the postponement demonstrates that EBA has acknowledged the potential for a significant impact on PSPs, TPPs and consumers alike. Regulated and unregulated clients should continue to implement SCA as quickly as reasonably possible and monitor for any updates released by the FCA and other NCAs. The latest EBA Opinion, published on 16 October 2019, recommends that the period of supervisory flexibility for implementation of strong customer authentication (SCA) requirements under the second Payment Services Directive 2015/2366 (PSD2) should end on 31 December 2020, 15 and a half months after entry into force of the requirements on 14 September this year. Since the announcement, the news has been welcomed by a number of financial institutions across Europe. At the moment, it is unclear whether the FCA will bring forward its deadline in order to comply with the EBA Opinion. Strong Customer Authentication, or SCA as it is commonly referred to, is an important and far-reaching mandate aimed at stepping up security during e-commerce payment transactions, taking into account the new and evolving scenarios introduced under PDS2 and Open Banking.. Our sense is that, for some industry players, 18 months was already an ambitious timeline and that some may struggle to be compliant within a 15-month period. This move has been warmly welcomed by the majority of PSPs, many of whom were struggling to implement the new rules or concerned about the lack of uniformity, which risked undermining the goal of having one single and competitive EU payments market. EBA extends SCA deadline to 31 December 2020. In the opinion, the EBA claimed NCAs would be given ‘limited’ additional time. Otherwise, they may run the risk of last-minute snags and compliance concerns. Since then, a number of financial regulators across Europe have put a hold on the SCA process. The data includes the number of visits, average duration of the visit on the website, pages visited, etc. By clicking “Accept”, you consent to the use of ALL the cookies. The EBA’s most recent opinion recommends national competent authorities (NCAs) to take a consistent approach towards the SCA migration period and to require PSPs to carry out the actions set out. This may include solutions such as PIN-authentication or fingerprint ID scanning. Although the SCA requirements for e-commerce card-based payment transactions officially came into force on 14 September 2019, few European banks or PSPs have started enforcing these requirements and declining non-authenticated payments.