
Are you ready for two-factor authentication?

The European Central Bank (ECB) estimates Europe suffers from €1.8 billion in card fraud each year. Strong Customer Authentication (SCA) is the final aspect of PSD2 (the Revised Payment Service Directive), designed to reduce fraud by implementing a two-factor authentication (2FA) process. 2FA will secure e-payments across the entire European region.

SCA requires that most electronic payments made within the European Economic Area (EEA) be subject to two-factor authentication, and the implementation deadline is 14th September 2019. Under the new rules, if individuals do not approve a transaction by combining two elements of authentication, they may not be allowed to complete a purchase.

From speaking with our clients, we know that not all firms are ready to implement. Although the European Banking Authority (EBA) makes it clear that the 14th September 2019 deadline remains, it has acknowledged the concerns of industry and made it possible for local regulators to introduce a ‘grace period’ for compliance with SCA.

In the UK, the Financial Conduct Authority (FCA) has already agreed on a plan for a phased implementation of SCA and two-factor authentication, giving the payments and e-Commerce industry extra time to implement. The FCA’s official communication reads:

“The FCA will not take enforcement action against firms if they do not meet the relevant requirements for SCA from 14th September 2019 in areas covered by the agreed plan, where there is evidence that they have taken the necessary steps to comply with the plan. At the end of the 18-month period, the FCA expects all firms to have made the necessary changes and undertaken the required testing to apply SCA.”

Across Europe, regulators are following suit. In France, the local regulator, Banque de France, has also been supportive of a grace period, with peers in Belgium, Cyprus, Germany, Italy and Spain implementing the same, although many authorities are yet to make their positions clear.

Whilst the EBA’s announcement will be welcomed by many, it should not be interpreted as a blanket grace period. On the contrary, it may add even more complexity with respect to intra-EEA cross-border transactions. How will SCA be applied in such situations? This area remains in flux, with the industry raising concerns and regulators continuing to clarify their positions.

Maximise these grace periods: UK companies now have an extended 18-month period to implement SCA and two-factor authentication, and we are ready to support you. Danos Associates is a leading supplier of Compliance, Financial Crime, Data Protection, Risk and Legal personnel to the Payments and wider financial services industry globally, and we are extremely well-placed to find you the best-matched candidates. We have a strong track record in Payments recruitment from Associate level to Managing Director. Please contact me to discuss this further or ask any questions.

Paul Geist
Associate Partner, Compliance

Tel: +44 (0) 20 3908 4806

We offer a comprehensive suite of consulting services, from expert analysis through to implementation support. Our pool of highly qualified professionals can help you fill resourcing gaps in the interim, make sure you have the appropriate skills and backgrounds to boost your department’s capabilities, and ensure that you meet the ever-changing Payments industry regulations.

Please contact Katherine to discuss or ask any questions.

Katherine Lord
Associate Partner, Head of Danos Consulting

Tel: +44 (0) 207 010 1153