FCA response to European Banking Authority’s Opinion on Strong Customer Authentication

The EBA has published an Opinion on Strong Customer Authentication under PSD2.

On Friday 21 June 2019 the European Banking Authority (EBA) published an Opinion on Strong Customer Authentication (SCA) under the revised Payment Services Directive (PSD2). The Opinion is the EBA’s response to key industry questions about which authentication factors comply with the requirements for SCA.

In response to concerns about industry’s preparedness and ability to comply with the requirements for SCA, this Opinion allows the FCA to give some firms extra time to implement SCA.

The legal deadline for complying with the Regulatory Technical Standards on Strong Customer Authentication remains 14 September 2019. However, the FCA recognises the challenges in meeting this deadline and has been working with the industry to develop a plan to migrate the industry to implement SCA for card payments in e-commerce as soon as possible after this.

Next steps

We aim to quickly agree a plan with stakeholders across the industry that encompasses a blueprint for compliance and readiness, a timetable for achieving this, and key milestones and targets to deliver improved security of customer authentication and fraud reduction along the way. We will work in close cooperation with all the industry stakeholders and other authorities, including the Payment Systems Regulator, to ensure delivery of the blueprint at pace. 

Once the group has finalised the plan and we have agreed it, we expect all participants to meet the agreed milestones, targets and final delivery date. We believe this approach is proportionate. We will not take enforcement action against firms if they do not meet the relevant requirements for SCA from 14 September 2019 in areas covered by the agreed migration plan, where there is evidence that they have taken the necessary steps to comply with the plan.