The designated 14th September deadline to comply with SCA (Strong Customer Authentication) has passed. According to reports, the UK financial regulatory body, the FCA (Financial Conduct Authority), has granted an 18-month extension beyond the 14th September deadline for SCA. The extension will affect the payments and e-commerce industry. The decision was taken in light of the European Banking Authority's views on the regulation, its complex requirements, and the lack of preparedness among financial corporations.
The FCA is not going to penalize firms that are currently not compliant with the SCA requirements. During the 18-month extension, the FCA is going to keep a check on the impact SCA will have on different consumer groups.
After the 18-month extension, once the regulation is enforced, it is going to be easier to secure payments and to mitigate fraudulent practices during the authentication process. With the addition of a fresh authentication infrastructure at checkout, the customer will need to add:
a) something which he knows, e.g. a PIN or a password;
b) something which he has, e.g. a mobile phone or a token;
c) and something the customer is, e.g. a fingerprint or facial recognition.
Technology providers are in the process of developing or launching solutions that can better equip merchants to adopt SCA. These offerings include designated toolboxes and products specifically to help SMEs meet the SCA requirements. A few among these are actually relying on their banking partners to fulfill the compliance requirement.
The larger merchants are more aware of SCA, but they too are facing challenges. GDPR (General Data Protection Regulation), implemented in the European Region, is one of the biggest issues merchants are currently facing. GDPR has redefined how businesses and merchants collect customers' data and how they process it. Non-compliance can burn a hole in the merchant's pockets, a recent example being British Airways. The airline was slapped with a massive fine of £183 million for a data breach disclosed by the company in September 2018.
Merchants, banks, and corporates in the European Region are still trying to understand how GDPR, PSD2, and SCA will affect them. Third-party players have been granted access to banks' APIs under the revised Payment System Directive; however, what this access actually means and what it can do is a mystery to many.
Considering the situation, the European Banking Authority has recently released its fourth set of clarifications around APIs under PSD2. The clarification paper talks in depth about mobile and biometric authentication measures.