Payment Services and SCA
Today, the FCA has published an updated version of its webpage on strong customer authentication (SCA) under the Payment Services Regulations 2017 (PSRs 2017).
- Protecting customers – During the pandemic, the FCA expects firms to protect consumers from risks, including the risk of unauthorised transactions and fraud. Firms are expected to monitor their fraud rates and take swift action where necessary.
- Contactless Payments – The FCA is supportive of the use of contactless payments and welcomes the industry’s initiative to increase the contactless limit. It confirms that in light of COVID-19, the FCA is very unlikely to take enforcement action if a firm does not apply the SCA requirements (when the cumulative amount of transaction values has exceeded EUR150 or there are five contactless transactions in a row). However, this is only as long as the firm sufficiently mitigates the risk of unauthorised transactions and fraud.
- Online Banking – For firms that have not yet met the online banking requirements (which should have been implemented in September 2019 with an adjustment period to 14 March 2020), and are facing further delays due to COVID-19, the FCA will consider the appropriate further measures on a case-by-case basis. In doing so, it will consider:
- Firms’ security around authentication to access online banking and when making payments.
- Their controls and processes to reduce fraud.
- Whether that impact is likely to be exacerbated given the current circumstances.
- E-commerce – The FCA recognises that the COVID-19 challenges are likely to affect the planned implementation of SCA for e-commerce. It welcomes the progress so far and the industry’s continuing effort to meet milestones ahead of 14 March 2021. The FCA will work closely with the industry to agree any changes to the milestones and timelines that may be needed.
As expected, the FCA will continually monitor the every changing situation and is keeping its decisions under review.