Important PSD2 and SCA update
The FCA confirmed the new SCA enforcement date to be 14 September 2021 in the UK. The EEA deadline date remains 31 December 2020.
To help provide clarity and support to merchants and the market from the impact of Covid-19 the Financial Conduct Authority (FCA) have agreed to delay the enforcement of a Strong Customer Authentication (SCA) until 14 September 2021 in the UK. This means UK issuers are not required to decline non-compliant transactions before this date.
You can read their full announcement.
We welcome the decision by the FCA. However such an extension has not yet been agreed for the EEA. Therefore we continue to caution clients with European presence to continue to get ready at pace. We are committed to providing vital support to explore optimised solutions in this unprecedented time.
All UK issuing banks, acquirers and gateways will need to continue to work towards technical and operational readiness to support merchants and cardholders at pace.
The deadline for the rest of the European Economic Area (EEA) remains 31 December 2020. If your business accepts any European card payments you should work towards this date.
3D Secure, Exemptions and Fraud Protection
3D Secure (or 3DS, recommend version 2.1 or above) will be essential for all e-commerce card payments even if exemptions are used. Although 3DS v2 is designed to improve acceptance rates, the authentication journey could still lead to friction so we advise merchants to explore all other options such as the optimised use of exemptions.
While working towards the SCA compliance deadline it’s important to stay vigilant as the impact of Covid-19 has resulted in the increased use of online payments and therefore more opportunities for fraudsters to target vulnerable customers. To help keep your business protected from this threat, merchants should continue maintaining strong fraud safeguards while adhering to the applicable deadlines and the use of exemptions.
What you need to do
Our advice to all merchants is:
- Work towards the 31 December 2020 deadline if your business accepts any European card payments
- Consider which version of 3DS you need
- Consider which exemptions you need
- Start flagging ‘out of scope’ transactions whenever possible
- Work with your acquirer to implement for the right solutions for your business
UK Finance plans to provide further clarity on the revised roadmap including key milestones in due course. We will continue to share updates with you to support your business with this important transition.
Taking secure payments under PSD2
As you know, PSD2 is an industry-wide regulation that will affect all banks, businesses and customers. So, we have lots of useful to help you manage this challenge, including FAQs and editorial from the experts in our PSD2 hub.