/regulation & compliance

News and resources on regulation, compliance, legal and governance issues for banks and fintechs.

EBA offers wiggle room on deadline for PSD2 authentication rules

Under industry pressure, the European Banking Authority has paved the way for some firms, on an "exceptional basis", to get an extension of the September deadline for new Strong Consumer Authentication (SCA) rules for e-commerce transactions.

  29 Be the first to comment

EBA offers wiggle room on deadline for PSD2 authentication rules

Editorial

This content has been selected, created and edited by the Finextra editorial team based upon its relevance and interest to our community.

From September, the SCA regulation under PSD2 will mean that European shoppers will have to authenticate online payments over EUR30 with two of the following: something they know (like a password), are (fingerprint/face ID), or have (phone).

The new rules have faced strong opposition from an industry which is widely seen to not be ready for the switch; a recent study from Stripe found that just half of 500 businesses surveyed expect to be compliant, a picture that could cost Europe's online economy more than EUR50 billion.

In an opinion on the subject, the EBA says the industry has had enough time to prepare for SCA, which was first unveiled in PSD2 in 2015, adding that there has already been an additional 18-month implementation period.

However, the opinion acknowledges that there are particular challenges for actors, such as e-merchants, that are not payment service providers and therefore not directly subject to PSD2.

Bowing to the inevitable, the EBA says that national competent authorities (CAs) may decide to work with PSPs and stakeholders such as merchants and consumer to "provide limited additional time to allow issuers to migrate to authentication approaches that are compliant with SCA...and acquirers to migrate their merchants to solutions that support SCA".

This flexibility is under the condition that PSPs at least have a migration plan agreed with their CAs and the plan is executed quickly.

You can read the full opinion, which also sets out details on the elements of SCA, here:

Download the document now 435.6 kb (Chrome HTML Document)
Sponsored [Upcoming Webinar] Next Gen Payment Processing: How banks can embrace the future

Comments: (0)

[Webinar] Money Mule Defence: Practical Applications and the Role of TechnologyFinextra Promoted[Webinar] Money Mule Defence: Practical Applications and the Role of Technology