28/05/2024The Digital Markets, Competition and Consumers Act 2024: What it Means for ‘Direct to Consumer’ Business
The Digital Markets, Competition and Consumers Act 2024 (‘DMCC Act’) was passed on 24th May… Read more
13/02/2020
This briefing is the latest in our coverage of Payment Services Regulations, the regulations by which the UK has implemented the EU’s revised Payment Services Directive 2015/2366 commonly known as “PSD2”.
We have previously published a briefing on the Payment Services Regulations 2017, which are the regulations by which the UK has implemented the EU’s revised Payment Services Directive 2015/2366 commonly known as “PSD2”, and an update on the requirement for ‘strong customer authentication’ (‘SCA’), the aspect of PSD2 most relevant to traders, which was due to come into effect on 14th September 2019.
‘Strong customer authentication’ is the umbrella term for a set of PSD2 requirements intended to improve the security of electronic payments for traders and customers by requiring a trader to supply the payment services provider (‘PSP’) with two independent authentication factors provided by the customer to generate an authentication code in order for the customer’s payment to be approved. SCA applies to ‘customer-initiated’ electronic payments so that most card payments and all bank transfers require SCA, meaning that it affects a number of other parties than PSPs, such as online retailers.
A number of groups complained to the European Banking Authority (“EBA”) that they were not properly prepared for SCA taking effect on 14th September 2019, and since that date the EBA and several national authorities across the EU have announced delays in the implementation date.
Whilst the EBA first announced that that it could not legally delay the 14th September 2019 implementation date, in October 2019 it announced that PSPs have until 31st December 2020 to implement SCA for e-commerce transactions.
The UK’s competent authority, the Financial Conduct Authority (FCA), announced on 13th August 2019 that it has agreed an 18 months plan to implement SCA with the e-commerce industry of card issuers, payments firms and online retailers in the UK and that on this basis it would not take enforcement action against PSPs prior to 14th March 2021.
The position in other EU countries varies.
On 25th October 2019, the FCA also announced that in the event of a ‘No-deal Brexit’ the UK’s SCA regulatory technical standards (‘UK-RTS’) will be substantially the same as the EU’s SCA regulatory technical standards (‘SCA-RTS’), and PSPs should treat any FCA correspondence regarding an SCA-RTS adjustment period as applying equally to the UK-RTS. Whilst the UK left the EU on 31st January 2020, the UK will continue to be subject to EU rules and will remain a member of the single market and customs union until 31st December 2020.
We continue to advise that, whilst the implementation date for SCA has been delayed, traders should take steps to prepare for implementation including:
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
The Digital Markets, Competition and Consumers Act 2024 (‘DMCC Act’) was passed on 24th May… Read more
Memery Crystal Partner and leading gambling expert, Carl Rohsler, announces the publication of the ninth… Read more
On 16 April 2024, Memery Crystal and Rosenblatt held the latest roundtable in our… Read more
What does a UK business (‘data exporter’) wishing to transfer personal data to another business… Read more