Why the Delay for SCA?

Although this has not yet been 100% confirmed by the FCA at the time of writing, it seems that the PSD2 directive ‘SCA’ or Strong Customer Authentication (the EU’s online payment directive requiring 2-factor authentication* for online payments and transactions to help protect against fraud), and due to be enforced on 14 September 2019 – may now be delayed a further 18 months until March 2021.

Two factor authentication
Two-factor authentication

It appears that some financial, retail and travel companies will have checks in place by the current deadline, while some are delivering the bare minimum to be compliant and are preparing for a phased rollout. But this lack of ‘preparedness’ would make more than a quarter of payments currently impossible to complete*

Apparently, certain key technicalities are still yet to be confirmed and companies have asked for more time to prepare – despite the regulation being known about and introduced way back in January 2018.

Now whether this is lethargy by companies not getting their act together, or still working out their customer journeys and not realising the magnitude of the project – or whether it’s the technicalities of legacy or old non-compliant systems and processes, it looks like it’s just not going to happen by the original due date

Businesses in the UK (retail and financial) are communicating these changes to their customers. You may have had an email, received a letter – or seen the pages and videos on your bank’s website, or someone may have told you. But are we all still a little unsure what it all means, what’s actually changing – and what we’ll have to do going forward?

For example, I know, as it’s part of my remit having a financial services client, that you’ll still be able to use contactless card for purchases up to £30 at the till just as you do now. But are you aware of what happens when you do your weekly shop instore and it comes to over £30 Or what happens when you spend over £30 online?

  • Do you need to prove who you are – even to Julia the lovely cashier you speak to every morning, who even knows the name of your cat?
  • Does it mean you have to have your mobile phone on you all the time? What if there’s no connection?
  • What if your phone’s battery has just died?

By now, with just a few weeks to go, surely it should be crystal clear to everyone what we need to do when we shop and bank online. But it’s not, and I bet more than a few of us will still be scratching our heads by next Christmas.


*2-factor authentication can be any two of these three things:

  • Something you are – like your fingerprint or voice ID.
  • Something you know – like your bank account username, password or letters from your memorable information.
  • Something you have – like your mobile phone or laptop.

Jo Deverill-Slade

August 9, 2019

Share :