SCA: enforcement delayed

  • techUK techUK
    Wednesday04Sep 2019

    The FCA has taken the decision to delay the enforcement of strong customer authentication

The FCA has taken the decision to delay the enforcement of strong customer authentication (SCA), set in the Payment Services Regulations 2017 (PSRs), by a further 18 months.

Strong Customer Authentication, are intended to enhance the security of payments and limit fraud during this authentication process.  SCA affects the way banks or other payment services providers check that the person requesting access to their account or trying to make a payment is the person permitted to make a payment and validate specific payment instructions.

SCA applies when a payer:

  • initiates an electronic payment transaction
  • accesses their payment account online
  • carries out any action remotely that may imply a risk of payment fraud

The new deadline for enforcement of SCA is now 14 March 2021. Any firm that fails to comply with the requirements for SCA, after this date, will be subject to full FCA supervisory and enforcement action as appropriate.

The FCA indicated that all parties involved in card-not-present transactions, both FCA regulated and unregulated, should continue to work together over the next 18 months to ensure the smooth and timely implementation of SCA by 14 March 2021.

SCA and PSD2: same deadline but a 6-month transition period

Account servicing payment service providers are required to have a PSD2-compliant way to provide TPPs with access to account data and payment functionality by 14 September 2019. This is either by a dedicated interface based on application programming interface standards or a modified customer interface. This remains the case.

However, to avoid disruption to consumers and TPPs the FCA has agreed an adjustment period of six months. Therefore, in certain circumstances, firms have until 14 March 2020 to implement SCA for online banking.

After 14 March 2020, failure to comply with the requirements for SCA and identification will be subject to full FCA supervisory and enforcement action as appropriate.

This is likely to mean that some, but not all, customers may not be asked for strong customer authentication when accessing their account online until 14 March 2020. Firms are expected to communicate with customers about any relevant changes to their online banking, including timings of such changes.

  • Hugo Rousseau

    Hugo Rousseau

    Programme Manager | Financial Services and Payments
    T 020 7331 2054

Share this


Read the comment from our @techUKCEO in response to Labour's plans to part nationalise BT
We're running a free SME Strategy Breakthrough Workshop with AddVantage Strategy on 05 December. Providing members…
techUK's final Introductory Evening of 2019 will be on 09 December. Join us to discover more about techUK, meet the…
User trust in government and business has time and again been the watch word across discussions @SommetGovTech No different in #healthtech
@idatin calls for user centred design as a priority to overcome systemic challenges. Rune Simensen echoes the calls…
Scores on the doors universally low: 3, 3, 2 and a cautious 6.
Health 2.0: Transforming Healthcare Through Technology @SommetGovTech #healthtechuk @JulietBauer asks the panel to…
Fascinating discussion on the future of payments and what government can learn from fintech @SommetGovTech
#GovTechSummit assembled a stellar panel on established the conditions for Europe’s GovTech moment @SerbianPM
How are tech firms reducing their environmental impact? Members are invited to a free conference on 25 November loo…
Become a Member

Become a techUK Member

By becoming a techUK member we will help you grow through:

Click here to learn more...