The European Banking Authority (EBA) is delaying the final implementation of the EU’s new two-tier identity authentication rules to New Year’s Eve next year for payment service providers.
The EU’s Revised Payment Service Directive (PSD2) was supposed to be fully implemented by September 14 with the enforcement of the new rules on strong customer authentication (SCA) rules for electronic payments.
This would require companies to ensure that customers were who they said they were by using a two-tier authentication system. That would mean that they would have to prove their identity in two out of three ways. These three ways were to provide something they had, were or knew.
While there had been several different ways suggested for how people could prove their identity within the scope of these three categories, including some odd ones, lots of industry stakeholders feared that they would not be able to meet the September deadline, calling for regulators to extend the implementation period.
Now, the EBA has announced that it will change the deadline for payment service providers. The EBA announced the decision after consulting with 90 of the national competent authorities, payment service providers as well as national merchant and consumer associations across 30 jurisdictions.
The majority of the respondents said that they would prefer a single deadline ensuring a consistent and harmonised implementation of SCA with regards to e-commerce card-based payment transaction.
The stakeholders argued a single deadline would avoid negative effects of cross-border payments, a decline in legitimate payment transactions, customer drop-out, regulatory arbitrage and further complexity. They also believed having a common deadline for SCA to be implemented in regards to e-commerce card-based payments would level the playing field.
The EBA agreed and have therefore the deadline for implementing SCA for payment service providers.
Copyright © 2018 RegTech Analyst