FCA Dear CEO letter – Requirements for Strong Customer Authentication
- Requirements for Strong Customer Authentication in card-not-present ecommerce transactions
- Published by the FCA on 20 August 2019
- From 14 September 2019, the Payment Services Regulations 2017 (PSRs) requires that all payment services providers (PSPs) must apply Strong Customer Authentication (SCA) where a payment service user initiates an electronic payment transaction.
- The new requirements on SCA are intended to enhance the security of payments and reduce the risk of fraud in payment transactions.
- At the FCA’s request, UK Finance worked to co-ordinate an agreed industry plan to implement SCA for card-not-present transactions for e-commerce as soon as practicable.
- The FCA has reviewed the plan and welcomes the industry’s commitment to a timely, coordinated and collaborative approach.
- To support the orderly transition to SCA and avoid a negative impact on consumers and merchants, the FCA will not take enforcement action against firms simply
- Our decision not to take enforcement action is limited to the application of SCA to cardnot-present e-commerce transactions.
- This commitment only applies to firms that can demonstrate that they have taken the necessary steps to comply with the UK Finance co-ordinated plan to deliver SCA by 14 March 2021.
- After 14 March 2021, failure to comply with the requirements for SCA will be subject to full FCA supervisory and enforcement action as appropriate.
Timeline with relevant dates to be logged on regulatory calendar
- Dear CEO letter published on 20 August 2019
Firms should speak to their trade association and UK Finance to get more information on the agreed plan.
The FCA strongly encourages all firms to cooperate and engage with wider industry efforts to coordinate implementation of SCA in line with the agreed plan