EBA sets new EU-wide deadline for payment security rules

The European Banking Authority has pushed back the deadline for the migration to Strong Customer Authentication (SCA) standards to 31 December 2020, giving national authorities a 15-month extension to implement the new rules.

  18 5 comments

EBA sets new EU-wide deadline for payment security rules

Editorial

This content has been selected, created and edited by the Finextra editorial team based upon its relevance and interest to our community.

Initially scheduled for introduction last month, the EBA in June acknowledged the complexity of the requirements, a lack of preparedness and the potential for a significant impact on consumers, paving the way for some firms, on an "exceptional basis", to get an extension if cleared by national authorities.

Since publishing the edict, some national authorities including the FCA and the Central Bank of Ireland, have announced a delay to the roll out in order to give firms more time to prepare. UK Finance has also recommended a further one-year extension over and above the 31 December 2020 deadline for the hospitality and travel sector.

However, there was concern about the failure to agree a harmonised approach to the migration time periods across the European Union.

In setting down the new deadline, the EBA has moved to clarify the position across Europe, urging domestic market regulators to focus on "monitoring migration plans instead of pursuing immediate enforcement actions against payment service providers that are not compliant".

Sponsored New Event Report – Natural Capital Finance

Comments: (5)

A Finextra member 

31st December amid the new year sales and Christmas tech freeze seems a particulalry good date to go for....

A Finextra member 

I agree with @ Finextra member above. Far from ideal, though the EBA's preferred a maximum delay of 12 months which would have taken us to September next year - far from ideal too!

I guess the industry now needs to stop talking about it and up their game to ensure that the consumer impact is minimised and merchants are given the tools they need to maximimse the exemptions allowed by the RTS.

Still unclear what will happen for the travel and hospitality sectors.  Still lots of outstanding questons like 'how can a consumer authenticate if (for example) they want to download a movie and they're 30,000' in the air"? 

A Finextra member 

Dear Finextra Member no 2:

What is the rationale for the issuer of the card to agree to an exemption on authentication since if the exemption is used, and the customer files a complaint on unauthenticated fraud, the issuer is obliged to pay back to the customer the transaction amount within one working day?  Is it so that the payment industry players have over-stated the possibilities with the exemptions? Acquirers may be up for an unpleasant surprise if they trust that issuers will maximize exemption usage. 

A Finextra member 

This only means the launch will be far ahead of the Xmas holidays for sure. 

A Finextra member 

After Xmas would be better!  Lead up to Xmas is the busiest time for e-comm.  Far ahead, nobody will be ready.

[Webinar] Operational Resilience in the age of DORAFinextra Promoted[Webinar] Operational Resilience in the age of DORA