6th November 2019
By Steve South
The introduction of Strong Customer Authentication or SCA giving greater protection to the online economy from fraud will now be phased in and UK businesses must be fully compliant by 14 March 2021. In the meantime, they must be able to demonstrate that they are starting to take the necessary steps required to meet the terms of the plan from the original deadline.
The original deadline for Strong Customer Authentication set by the European Union’s rules was 14 September 2019. But the UK’s Financial Conduct Authority has decided to extend it by 18 months. This reflects the view of the European Banking Authority that businesses need longer to get themselves ready.
In short, the EU Revised Directive on Payment Services (PSD2) requires electronic payments to be made using multi-factor authentication. Consumers making payment will have to use two separate types of validation out of a choice of three possible options.
It applies to transactions made in the European Economic Area (EEA) where both the payer and the payee are in the region. Furthermore, it will be the responsibility of the issuers to put in the authentication measures of their choice.
Yes, there are a number of exemptions although they will be at the discretion of the issuer. They cover the following key areas:
Fraudsters continue to find more sophisticated ways of tricking businesses and individuals into divulging passwords or into making fraudulent payments. Losses are therefore continuing to increase. Security measures such as Address Verification System (AVS) or the CVC verification that you see on some credit and debit cards have not been as robust as hoped. This is why consumers have been able to dispute fraudulent payments made on their cards. The European Commission has therefore acted to help reduce the number of cases of fraud with SCA measures.
Businesses need to take into consideration the impact of the new rules now and start inputting measures to ensure that they comply. So, keep in touch with your payment service provider to understand what changes they are making to their systems and how they will affect you.
We suggest that you think about the exemptions and how they may apply. Depending on how your business works, there may be an impact on the payment journey. It may look different to customers and you may wish to point this out ahead of time. You may also think about asking your customers to whitelist your businesses with their card issuer to avoid the authentication process whenever they make purchases in the future.
Of course, the Wise & Co team is available to discuss any of these issues as well as other challenges facing your business.
Steve joined Wise & Co in 1989 where he trained and qualified as a chartered accountant. He is now a general practice partner, as well as the firm’s IT partner. Steve’s experience spans a range of industry sectors and businesses of varying sizes. VAT and property remain of particular interest to him and he has advised many investors and developers alike on VAT planning and recovery. He has also been involved with many mergers and acquisitions and has assisted clients with the sale of their businesses.