FCA e-commerce rules implementation – Strong Customer Authentication
- The Payment Services Regulatons 2017 (PSRs) and related European Union standards contained rules, referred to as Strong Customer Authentication (SCA), to enhance the security of payments and limit fraud during authentication processes
- These new Rules applied from 14 September 2019 for most payment service activities with some extra allowances granted. Many deadlines were set for March 2020 so firms will already be required to be compliant for those activities.
- The implementation of SCA for e-commerce was originally set for 14 March 2021. However, given the impact of the Covid-19 crisis, the FCA has decided to give the industry an additional 6 months to implement strong customer authentication (SCA) for e-commerce, by a revised date of 14 September 2021. It is hoped that this will minimise potential disruption to consumers and merchants.
The FCA has previously announced that the European Banking Authority (EBA) accepted that the FCA and other National Competent Authorities may give some firms extra time to implement SCA.
EBA’s decision was in response to concerns about industry readiness to apply SCA to e-commerce card transactions, and to minimise potential disruption to consumers and merchants.
In the meantime, firms should continue with the necessary preparatory activities such as robust end-to-end testing. Firms are required to take all necessary steps to comply with the revised detailed phased implementation plan and critical path to avoid the risk of enforcement action.
After 14 September 2021, any firm that fails to comply with the requirements for SCA will be subject to full FCA supervisory and enforcement action.
Timeline with relevant dates to be logged on regulatory calendar
- The new SCA rules for e-commerce will be effective from 14 September 2021
All e-commerce firms need to work closely with their technical advisors and the regulator to be fully ready to comply with the SCA rules for e-commerce from September 2021.