The FCA has extended the deadline for the implementation of strong customer authentication (SCA) for online purchases by a further six months.
“Previously merchants had until 14 September 2021 to ensure that all ecommerce transactions in the UK were compliant with the SCA customer identity verification regulation, but this deadline has now been put back until 14 March 2022”.
“This further six-month extension is to ensure minimal disruption to merchants and consumers, and recognises ongoing challenges facing the industry to be ready by the previous 14 September 2021 deadline, The new 14 March 2022 deadline is the latest we expect full SCA compliance for e-commerce transactions. We previously agreed to give firms extra time to implement SCA for card-based e-commerce transactions in response to concerns about industry readiness, and to limit the impact on consumers and merchants, the FCA says.”
“Since 14 September 2019, rules have applied that affect the way banks and other payment services providers check that the person requesting access to an account or trying to make a payment is permitted to do so. We have agreed to give firms extra time to implement these rules in some circumstances.
The new rules, referred to as SCA, are intended to enhance the security of payments and limit fraud during this authentication process. These rules are set in the Payment Services Regulations 2017 (PSRs) and the related technical standards. They apply when a payer:
- initiates an electronic payment transaction
- accesses their payment account online
- carries out any action remotely that may imply a risk of payment fraud unless an exemption applies
- We expect firms to develop SCA solutions that work for all groups of consumers.
This means that you may need to provide several different methods of authentication for your customers. This includes methods that don’t rely on mobile phones, to cater for consumers who don’t have, or won’t want to use, a mobile phone”.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.