The need for fraud prevention has never been greater, but if there is a substantial threat to the volume of e-commerce business by a new fraud control measure, then it is postponed. The postponement of EBA’s Strong Customer Authentication technology was inevitable, once industry groups started to point out that lack of preparedness would make more than a quarter of payments impossible to complete, see. 

In June, the EBA rejected calls for a continent-wide grace period, so companies turned to the national regulators. The UK’s FCA asked the trade group UK Finance to design an alternative timetable for the UK. Its final recommendations, which were agreed with major financial, retail and travel groups, were submitted to the regulator last Friday. UK Finance’s plan is for:

• companies should have until March 2021 to implement most of the technical requirements
• a further six months to implement a more advanced form of authentication
• companies in the hospitality and travel sector would receive an additional year to prepare because of the “complex” nature of their payment systems.

The FCA is expected to formally endorse the recommendations next week.

Pan-European solution needed

The UK FInance report concludes that “due to the cross-border nature of payments, we strongly believe this issue requires an EU-wide solution”. 

The Central Bank of Ireland has now stated that: “The Central Bank of Ireland recognises the difficulties with meeting this deadline. We have been engaging with the industry to develop a migration plan to implement SCA for e-commerce transactions, as soon as possible after this date.” While regulators in other countries, including France, Italy and Denmark, are also looking at relaxing the regulations, but a coordinated timetable is not guaranteed.

---

CTMfile take: This issue is not going away, the regulators throughout Europe will have to accept reality. Meanwhile, retailer groups and service providers need to keep up the pressure. But retailers also need to accept reality in that 60%+ of fraudulent transactions are now coming mobile devices. Something has to be done, sooner rather than later.