Banks and online merchants are struggling to meet PSD2 deadline
The 14th September PSD2 deadline requiring Strong Customer Authentication (SCA) and access to accounts (XS2A) has passed. Given the lack of preparedness and complexities of the requirement, regulatory authorities in the UK announced in August they are delaying the enforcement of the regulation by 18 months.
In a statement released last month, Financial Conduct Authority said, “The FCA has today agreed on an 18-month plan to implement SCA with the e-commerce industry of card issuers, payments firm and online retailers.”
A quick recap on SCA
To explain what SCA is — It is a PSD2 requirement for payment service providers for making online payments more secure and preventing financial fraud. The regulation aims to make online payments more secure by introducing two-factor authentication (2FA). Every customer-initiated payment will be authenticated by at least two of the three possible factors:
1. Something only the user knows, such as a PIN or a password.
2. Something the user is, such as a fingerprint or an iris scan.
3. Something only the user has, such as a token or a card.
Read more about SCA in our blog.
Hurdles for banks and online merchants
Many banks and online merchants are not ready to comply with the PSD2 requirements due to lack of awareness and technical challenges. A research conducted by 451 Research in May 2019 found that only 15% of businesses feel ‘extremely prepared’ to address the new regulatory requirements. According to research from UK Finance, a banking trade group, more than 75 per cent of online merchants in the EU are unaware of the new authentication requirements.
For transactions (apart from the exempted ones) that require authentication, the new regulation means additional steps for the customer during the checkout process. Adding steps during the checkout could increase friction, and the process could become too long and complicated. This could result in a serious and immediate drop in the conversion rates for businesses. For online merchants, complying with SCA might be losing to provide a convenient checkout experience for end customers.
Older infrastructure and reluctance to change is another major factor that has led to the extension of PSD2 deadline. Banks say that putting in place the necessary APIs to enable transactions with 2-factor authentication with online merchants is a challenge to us.
Apart from the technical bottlenecks, the introduction of newcomers in the finance market and offering personalized services to customers is something banks do not want to happen. According to recent research, 63% of banks consider BigTechs leveraging banks’ data a serious threat.
PSD2 mandates for banks to share information with third-party providers so that new and advanced financial services can be built. Read more about PSD2 here.
What banks and online merchants need to do?
· Banks need to work with Fintechs to navigate the PSD2 and comply with the regulations. This way, banks can avoid the risk of being non-compliant with future deadlines.
· They need to work closely with the regulators to understand what all is expected from the regulation.
· They must also adopt advanced security measures to ensure a safer and more secure payment environment for the customers.
The path ahead
PSD2 and SCA regulations are a huge lift for banks, online merchants and financial institutions. This 18-month extension of the SCA deadline provided by FCA could help them adopt the latest payment regulations. As per the statement, FCA has also agreed not to take enforcement action against firms during the period. The authority also ensures to supervise banks and online merchants with the implementation of SCA in line with the plan. At the end of the 18-month extension, FCA expects all firms to have made the necessary changes and undertaken the required testing to apply SCA.
