Extension to be allowed on strong customer authentication

Over recent months, it has become clear that many payment service providers (PSPs) and other players in the payments chain will not be ready to introduce strong customer authentication (SCA) from the deadline of 14 September given in the European Banking Authority’s (EBA) regulatory technical requirements (RTS). SCA requires that authentication for payments and data sharing under PSD2 be done using two-factors.

The Authority has therefore given way to industry pressure and published an opinion, stating that firms which are not ready may negotiate ‘limited extra time’ with their competent authority – in the UK this is the Financial Conduct Authority (FCA). The condition of such an extension is that firms agree an implementation plan with the FCA and execute it in an ‘expedited manner’.

This will be very good news for a large number of companies in the UK who have feared that services using payment data, such as SME accounting and personal finance apps would cease to function properly from 14 September if access to the screen-scraping services they normally use were switched off.

Two of three factors must be present to authenticate a transaction: these are something the customer knows, something they possess and something that is inherent to them. The EBA opinion also gives further detailed explanation of what factors can be included in these three categories. For example biometrics, including iris scans, keystroke analysis and voice recognition do fall within ‘inherence’ while swiping patterns do not. Having an app ‘bound’ to a device through a smart chip does count as possession, while the numbers printed on the back of a card do not.

  • Ruth Milligan

    Ruth Milligan

    Head of Programme | Digital ID and Open Data
    T 020 7331 2173

Share this


Join our friends @bethebusiness and @Facebook next Wednesday for their latest regional event. If you’re a business… https://t.co/7xXtnWJeMJ
FINAL CALL: Nominations to the Health and Social Care Council close on the 2nd November. Step up and help to lead t… https://t.co/a5DIXuq64U
On Monday 9 November we're kicking off our annual #AIweek! We're looking for excellent member case studies demonstr… https://t.co/aArgq1AJe4
New research from #techUK member @sageuk has found that small and medium-sized enterprises (SMEs) are ready to tran… https://t.co/LVAVsp0eRX
Join us and @Climate_Action_ at the Sustainable Innovation Forum 2020, a 5 day programme running from the 16 - 20 N… https://t.co/Wk0sogjq3N
We are delighted to have kick-started our #GeospatialData campaign alongside the @GeospatialC! Our event saw the th… https://t.co/TAK7cIfsLH
Thank you for all those who followed along today, we are delighted to have kicked-off techUK's Geospatial Data Camp… https://t.co/6VVUpd344m
The #digitalethics Summit will take place virtually on 9-10 December. The Summit will bring together academics, l… https://t.co/lZKMQoV2nC
Become a Member

Become a techUK Member

By becoming a techUK member we will help you grow through:

Click here to learn more...