When will SCA be enforced?

Diego Katzman

Diego Katzman
Published 31/10/2019 · 2 min read

On 13 January 2018, the new Payments Service Directive II (PSD2) came into force, and the most important element of this regulation was the requirement for Strong Customer Authentication (SCA) on most electronic payments. These new rules are intended to enhance payments security and to limit frauds during this authentication process.

Although PSD2 went into full effect on 14 September 2019, the European Banking Authority (EBA) allowed due delays for the implementation of the SCA requirements, which should be fully enforced by 31 December 2020 at the latest. As a result of EBA’s announcement, some European regulators had announced a 18-month longer enforcement delay, as the following contained below:

  • In the UK, the Financial Conduct Authority (FCA) agreed on August 2019 an 18-month plan to implement SCA. In that way, the FCA has communicated that they “will not take enforcement action against firms where there is evidence that they have taken the necessary steps to comply with the plan”. Once this 18-month period has ended, the FCA “expects all firms to have made the necessary changes and undertaken the required testing to apply SCA”.

If you are asking about how Brexit will affect this matter… Do not worry, because in this case it is not a determinant success. The SCA will be applied in any case.

  • France is proceeding in the same vein. L’Observatoire de la sécurité des moyens de paiement has created a migration plan in accordance with EBA’s communication and has established two different deadlines to implement the SCA and the 3D-secure. Related to SCA, it should be working since December 2020.

Meanwhile, the Bank of Spain has communicated its decision to grant an additional period of time to comply with PSD2, but without specifying the concrete deadline to implement it.

It is important to be aware of the fact that EBA makes its "Opinions" but each single country is responsible for enforcing and adapting these Opinions the best way possible taking into account its internal policy. The EBA is expected to publish shortly an Opinion to ensure that all national regulators grant the same period of time.

For example, in Sweden the Financial Supervisory Authority (SFSA) has confirmed that no general transition period will be applied in relation to remote card-based transactions. Instead, issuers and acquirers can apply to the SFSA on an individual basis, and more time may be granted to comply with SCA on a case-by-case basis. This announcement is potentially problematic, because it is going to be difficult to know if Swedish issuers did or did not apply to the SFSA to benefit from an adjustment period.

This fact leads us to ask ourselves the following: an unequal delay of the SCA implementation could be an opportunity or a risk? Let us know what you think!

Pinterest LinkedIn
Nueva llamada a la acción
[EN] 8 claves para escoger la mejor pasarela de pagos


    Subscribe to our newsletter


    See all

    You may also be interested in

    2 shopping habits that change in summer and how to make the most of them

    What are the consumer shopping habits for this summer 2022? The summer season is here, and with it, a change...

    What is a company's ROI and how to maximise it with fintech

    The top companies’ strategy to increase your business performance One of the keys to success for the world’s...

    Why optimising your business finances will attract more customers

    How to get and retain customers in 2022 Market globalisation has opened many doors for businesses around the...