Important PSD2 and SCA update
FCA confirmed enforcement date will not change. Expects Acquirers to obtain compliance plans from gateway providers and agree steps with merchants towards full compliance.
In summer 2019, the Financial Conduct Authority (FCA) agreed to delay enforcement for Strong Customer Authentication (SCA) until 14 March 2021 in the UK. However, it is crucial to remember the deadline is 31 December 2020 for the rest of the European Economic Area (EEA). A Programme Management Office (PMO) was set up by the industry body UK Finance (UKF). Since then it has led a number of taskforces to provide further clarity and coordination under the supervision of the FCA.
On Tuesday 28 January UK Finance (UKF) has issued an Open Letter to the market, as a reminder that in the UK Issuing banks must decline all non-compliant e-commerce transactions after 14 March 2021. No further extension will be granted. In addition, it also sets out the FCA’s expectations from market participants towards full compliance.
Barclays welcomes the communication from UK Finance which will enable alignment of efforts and execution across the UK payments ecosystem. We are committed to working with our customers and their partners in providing solutions and working towards the December 2020 milestone.
3D Secure (or 3DS, recommend version 2.1 or above) will be essential for all e-commerce card payments regardless of whether exemptions are used. Since September 2019, there was an increased adoption for 3DSv2.1 across the European market. Early adopters through extensive testing were able to resolve those ‘teething issues’ early. The Open Letter highlights the need for more testing and reminded that time required will be much longer than usual.
Regulators are working with all Issuers and Acquirers to monitor the progress of 3DS readiness. Notably, gateway providers are expected to share their readiness plan with the Acquirers as soon as possible to ensure merchants have the support needed to make the necessary changes.
Issuer to increase step up from H2, 2020
Issuers are expected to move towards the SCA rules including active authentication from H2 2020 to give customers and merchants the chance to get used to the new way of shopping. Merchants are urged to accelerate towards technical and operational readiness within the next five months to avoid the risk of declines.
Plan your testing and switch on SCA-compliant solution:
It takes a considerable length of time to be fully ready technically and operationally, so we strongly recommend you to take active preparations now.
- Prepare for the December 2020 deadline even if you only take a small amount of European payments;
- Consider which version of 3D Secure supports your compliance needs
- Consider which exemptions you may need
- Whether you have ‘out of scope’ flags ready
- Work with your gateway providers and acquirers to plan for 3DS and all necessary testing
UK Finance plans to provide further details at the end of March 2020 for Issuer readiness and coordinated testing. We will continue to share updates with you in support of this important transition.
Read the full open letter from UKF.
What’s your Strong Customer Authentication strategy?
Like all regulation, Strong Customer Authentication (SCA) brings new challenges. But with the right strategies in place, merchants can be compliant, help reduce fraud and offer secure payments. For more information, see our whitepaper: Demystifying the payment landscape: PSD2, SCA and the security challenge.
Speak to our payment experts today