13th September 2019
Are you ready for two-factor authentication?
The European Central Bank (ECB) estimates
Europe suffers from €1.8 Billion in card fraud each year. Strong Customer
Authentication (SCA) is the final aspect of the PSD2 (Revised Payment Service Directive), designed to reduce fraud by implementing a two-factor
authentication (2FA) process. The 2FA is going to secure e-payments
in the entire European region.
The SCA requires that most of the electronic
payments made within the European Economic Area (EEA), be subject to two-factor
authentication and the
implementation deadline is the 14th September
2019. Under the new rules, if individuals do not approve a transaction
combining two elements of authentication, they may not be allowed to complete a
From speaking with ours clients,
we know that not all firms are ready to implement and although the European Banking
Authority (EBA) makes it clear that the 14
th September 2019 deadline
remains, they have acknowledge the concerns of industry and made it possible
for local regulators to introduce a ‘grace period’ for compliance with SCA.
In the UK, the Financial Conduct
Authority (FCA) has already agreed a plan for a phased implementation of SCA,
giving the payments and e-Commerce industry extra time to implement. The FCA’s
official communication reads:
“The FCA will not take enforcement
action against firms if they do not meet the relevant requirements for SCA from
14 th September 2019 in areas covered by the agreed plan, where there
is evidence that they have taken the necessary steps to comply with the plan.
At the end of the 18-month period, the FCA expects all firms to have made the
necessary changes and undertaken the required testing to apply SCA.”
Across Europe regulators are following
suit. In France, the local regulator, Banque de France, has also been
supportive of a grace period, with peers in Belgium, Cyprus, Germany, Italy and
Spain implementing the same, although many authorities are yet to make their
Whilst the EBA’s announcement will be
welcomed by many, it should not be interpreted as a blanket grace period, on
the contrary, it may add even more complexity in respect to intra-EEA
cross-border transactions. In such situations how will SCA be applied? This
area remains in flux with the industry raising concerns and regulators
continuing to clarify their positions.
Maximise these grace periods – for UK companies you now have an extended 18-month period to implement SCA and we are ready to support you. Danos Associates is a leading supplier of Compliance, Financial Crime, Data Protection, Risk and Legal personnel to the Payments and wider financial services industry globally, we are extremely well-placed to find you the best matched candidates. We have a strong track record in Payments recruitment from Associate level to Managing Director. Please contact me to discuss this further or ask any questions.
Associate Partner, Compliance Paul Geist
Tel: +44 (0) 20 3908 4806
We offer a comprehensive
suite of consulting services from expert analysis through to implementation
support. With a pool of highly qualified professionals that can help you fill
resourcing gaps in the interim and make sure you have the appropriate skills
and backgrounds to boost your department’s capabilities and ensure that you
meet the ever-changing Payments industry regulations.
Please contact Katherine to discuss or
ask any questions.
Associate Partner, Head of Danos Consulting Katherine Lord
Tel: + 44 (0) 207 010 1153