In its 2020-21 business plan, the U.K.’s Financial Conduct Authority (FCA) announced that the payments sector would be one of its key priorities for the next three years to ensure that consumers make payments safely, that consumers and small and medium-sized businesses (SMBs) have access to a wide variety of payment services, and that the payments market is competitive and innovative.
In line with this, the financial regulatory body launched an open consultation earlier this year proposing changes to the SCA-RTS — the European Banking Authority (EBA)’s regulatory technical standards (RTS) on strong customer authentication (SCA) and secure communication.
The European Union (EU) regulation seeks to regulate the type of access that payment service providers (PSPs) have to customer payment account data held at account servicing payment service providers (ASPSPs). Since September of 2019, firms authorized under Payment Systems Directive 2 (PSD2) have been subject to SCA requirements.
But meeting the EU’s standards for robust customer authentication measures has not been easy for businesses who are having to confront several obstacles to ensure that they are in compliance with the rules.
It’s the reason the FCA outlined proposed SCA-RTS amendments in a policy statement released on Monday (Nov. 29), which “will help remove barriers to continued growth, innovation and competition in the payments and e-money sector, in particular for open banking.”
Read more: SecurionPay on Tapping Automation to Meet PSD2’s SCA Mandate
One of the two important barriers that the independent body identified is the requirement for customers to reauthenticate with their ASPSP every 90 days to continue accessing account information through a third-party provider (TPP). The FCA said that requiring continuous SCA every three months “creates friction when using TPP services and increases the likelihood of customers dropping off.”
The other barrier mentioned is the use of existing customer interfaces or modified customer interfaces (MCIs) to access customers’ payment accounts, which many TPPs struggle to do because the interfaces were not specifically designed for them to access customer account information.
Deep dive: How Merchants Can Navigate the Ins and Outs of SCA Compliance
As a result, the FCA said it has discouraged TPPs from serving customers whose account providers enable access through these MCIs.
To remove these barriers, changes to the SCA-RTS include the creation of a new exemption from SCA that will remove the need for customers to reauthenticate with their ASPSP every 90 days when accessing their account information through a TPP.
The FCA has also proposed that certain ASPSPs be required to provide dedicated interfaces to enable TPP access to customer account information for retail and SMB payment accounts. The body further suggested amending requirements aimed at helping ASPSPs innovate and launch products and services more quickly, such as providing technical specifications on interfaces used.
Contactless payments was another area tackled by the FCA, which proposed changes to single limits (to £100) and cumulative transaction limits (from £130 to £300) for these payments.
You might also like: FIS on Tapping Delegated Authentication to Tackle SCA Requirements
According to the FCA, those targeted by the amendments range from payment institutions (PIs), e-money institutions (EMIs) and credit institutions to retailers, consumers and credit unions.
We’re always on the lookout for opportunities to partner with innovators and disruptors.
Learn More