Germany’s Federal Financial Supervisory Authority (BaFin) has made a temporary measure which allow online payments that do not meet strong customer authentication requirements.
The measure will allow payment service providers based in Germany to execute credit card payments online past the September 14 deadline of PSD2 SCA, without meeting compliance. This is intended to prevent disruptions to online payment processes and facilitate a smooth transitional period.
SCA is will require all online payments made in the EU be backed by two-tier authentication. This means consumers will need to input a combination of verification types. There are three possible options for merchants to utilise: knowledge-based verification such as a password or PIN, an item in possession like a credit or debit card, and finally biometrics which is most commonly a fingerprint.
The regulation was created in a bid of making online shopping more secure. After the deadline, it will no longer be sufficient to enter a credit card numer and credit card verification value (CVV).
BaFin believes card issuing payment service providers in Germany are prepared for the new requirements. However, it believes it is different for those accepting credit card payments.
According to the regulator, “substantial adjustments” are needed to meet compliance and to allow companies and consumers to still use credit cards online, BaFin will not impose SCA requirements on these transactions.
Earlier in the year, the European Banking Authority gave national competent authorities (NCAs) the power to postpone the implementation of the regulation.
The measures are only temporary, and BaFin will consult with market participants do decide when to remove them.
Earlier in the month, the UK’s Financial Conduct Authority and the Central Bank of Ireland both revealed plans to hold off SCA implementation.
Copyright © 2018 RegTech Analyst