UK authority extends PSD2 strong customer authentication deadline by 18 months
The UK’s Financial Conduct Authority (FCA) has agreed to delay rules for Secure Customer Authentication (SCA) with two factors among biometrics, a physical token, or a password for online payments of more than €30 (US$33) under PSD2 by 18 months.
A September 14 deadline had been set for online merchant transactions to include multifactor authentication for fraud prevention purposes, but retailers, banks, consumers and other regulators were not ready to implement the new rules, according to Mobile Payments Today. In July the European Banking Authority set the conditions for national authorities to extend the implementation of the rules.
“The FCA has been working with the industry to put in place stronger means of ensuring that anyone seeking to make payments is not a fraudster,” Jonathan Davidson, executive director for supervision, retail and authorizations, said in a release from the agency. “While these measures will reduce fraud, we want to make sure they don’t cause material disruption to consumers themselves, so we have agreed to a phased plan for their timely introduction.”
The Central Bank of Ireland has also said it will delay the implementation of SCA rules, FinExtra reports.
Technology providers have rushed to provide the physical or behavioral biometrics that can help ecommerce companies and payment processors meet PSD2 requirements.
Accertify VP of Product Andrew Mortland argues in an opinion piece for PaymentsSource that the two-factor authentication requirements of SCA are the biggest hurdle PSD2 presents to merchants, and that for most it will be addressed with EMV 3D Secure. Mortland sees payments shifting to mobile devices to take advantage of on-board biometric capabilities, and that fraud will move to transactions outside the scope of PSD2.