Important PSD2 and SCA update
There have been some important deadline updates to the Payment Service Directive 2 (PSD2) and Strong Customer Authentication (SCA) that you need to know about.
The key points you need to know are:
- The deadline for SCA compliance has been delayed by 18 months with an agreed phased roll-out plan to move the UK to full compliance by 14 March 2021
- We recommend you carry on with plans to become fully compliant as soon as possible
- We will continue to share any further updates on PSD2 and how it will affect your business
- Our new product Barclaycard Transact can help minimise payment friction once PSD2 SCA comes into effect
The deadline for SCA compliance has been delayed by 18 months. Following the European Banking Authority (EBA) announcement on 21 June 2019, the Financial Conduct Authority (FCA) has now agreed to a phased roll-out plan to move the UK to full compliance by 14 March 2021.
You can read the full FCA Announcement, but the key part is this:
The FCA will not take enforcement action against firms if they do not meet the relevant requirements for SCA from 14 September 2019 in areas covered by the agreed plan, where there is evidence that they have taken the necessary steps to comply with the plan. At the end of the 18-month period, the FCA expects all firms to have made the necessary changes and undertaken the required testing to apply SCA.
What does this mean in practice?
Although the final deadline to have full market readiness is now 18 months away, the FCA will focus on seeing evidence of progress from issuers, acquirers and merchants towards the new milestones set out in the plan.
- Stakeholders need to be technically and operationally ready as soon as possible
- Enforcement action won’t be applied from September 2019 for UK-based financial Institutions supervised by the FCA
What exactly is this plan?
To ensure the UK market works speedily towards full readiness, the FCA will monitor the market’s ability to meet the following milestones:
- February 2020 – UK issuers will gradually apply 3DS step up where exemptions are not used
- September 2020 – merchants need to be able to activate the use of 3D Secure (3DS) v2. We anticipate that schemes will enforce the adoption of 3DSv2
- March 2021 – issuers will be required to actively decline non-3DS transactions, where exemptions don’t apply
What should you do?
In the UK, Issuers are unlikely to apply hard declines for non-secure transactions until March 2021 even if exemptions aren’t used. However, we expect issuers to request that transactions are authenticated using Strong Customer Authentication early next year.
With the amount of technical development required, we recommend merchants should actively push towards 3DSv2 and explore the use of exemptions as much as possible. Exemptions such as Low Value, Recurring and Low Risk (TRA) exemptions will continue to offer customers a more frictionless payment journey where applicable.
It’s worth remembering that other out-of-scope transactions such as Merchant Initiated Transactions (MIT) and MOTO, will also need to be indicated properly before March 2021 to avoid transaction declines.
For the pan-European application of this delay, there remains a challenge. Several countries have expressed willingness to relax the timelines. But this inconsistency could mean some uncertainty for merchants and their providers who operate across the EU.
The FCA intends to share this plan with the European Commission and other National Competent Authorities to lead the way in harmonising the roll-out. This UK plan is the first of the many steps required in the coming months. Merchants who are affected by this are encouraged to treat 14 September 2019 as the deadline for readiness.
How Barclaycard can help
Barclaycard Transact is a valuable option for merchants to plan ahead. We’ve developed this new product to help minimise payment friction (e.g. Issuer 3DS step up and declines) by leveraging the TRA exemption.
For UK merchants, this will be useful from February 2020 onwards as issuers can begin to step transactions up to 3DS where exemptions aren’t used.
With the uncertainty around when the different European Economic Authority (EEA) countries will start implementing SCA, choosing Barclaycard Transact can offer you some reassurance.
For more information on Barclaycard Transact contact your account manager.
- We’ll keep you updated on the following key questions
These key issues which have not yet been confirmed include:
Will 3DS v2.1 or v2.2 be the new requirement?
- Will all UK Issuers begin to step up all ecommerce transactions from February 2020?
- How will the remaining technical issues be resolved?
- The FCA are due to provide an update on contactless exemptions shortly and we will update you in due course
UK Finance (UKF) has now established a Programme Management Office (PMO) to help define what was missing from the plan. In the coming weeks, the UKF PMO will work to provide further clarifications in partnership with industry stakeholders including merchant groups.
What’s your Strong Customer Authentication strategy?
Like all regulation, Strong Customer Authentication (SCA) brings new challenges. But with the right strategies in place, merchants can be compliant, help reduce fraud and offer secure payments. For more information, see our whitepaper: Demystifying the payment landscape: PSD2, SCA and the security challenge.
Speak to our payment experts today