Aggregated News From Investment Management Regulators

Financial Supervisory Authority complies with EBA-proposed additional time for strong customer authentication in e-commerce card-based payments – requirements must be implemented by 31 December 2020

Report/Flag

Please complete the required fields.



On 16 October 2019, the European Banking Authority (EBA) published an opinion on the granting of additional time for implementing the requirements of strong customer authentication (SCA) in e-commerce card-based payments. In its opinion, the EBA expresses the view that national competent authorities (NCAs) may grant additional time, until 31 December 2020, for implementing the requirements of and migration to SCA. Additional time means that, temporarily, NCAs will not impose administrative sanctions on their supervised entities, even if supervised entities neglect their legal obligation to authenticate customers strongly in connection with e-commerce card-based payments.

The EBA opinion includes recommendations on measures by which NCAs should monitor the progress made by the different parties to the card-based payment process in implementing the requirements of SCA. The objective of the measures is to ensure as consistent as possible supervisory practices throughout the European Union.

In its own supervisory work, the FIN-FSA will comply with the additional time proposed in the EBA opinion and the supervisory measures plan described therein. The FIN-FSA requires all of its supervised entities who are parties to e-commerce card-based payments to have a realistic plan for implementing migration to SCA.

The FIN-FSA will monitor supervised entities’ progress in migrating to SCA according to plan and that the requirements are implemented within the additional time period. The FIN-FSA encourages all parties to e-commerce card-based payments to prioritise migration projects and to strive to ensure that migration to SCA is completed in good time before the end of the additional time granted in the EBA opinion.

The FIN-FSA reminds supervised entities that the regulations on SCA entered into force on 14 September 2019. The entry into force of the regulations will impact, among other things, cases of liability for abuse between consumers and their service providers. The additional time granted for implementing the technical requirements will not weaken consumers’ rights in card-based payments. Consumer communications must provide a true picture of the division of responsibility in cases of abuse.

For further information, please contact

  • Sanna Atrila, Senior Legal Adviser, tel. +358 9 183 5552 or sanna.atrila(at)fiva.fi (from 21 October 2019)
  • Hanna Heiskanen, Senior Digitalisation Specialist, tel. +358 9 183 5202 or hanna.heiskanen(at)fiva.fi
  • Anu Kettunen, Legal Adviser, tel. +358 9 183 5309 or anu.kettunen(at)fiva.fi
  • Heli Mäkitalo, Risk Specialist, tel. +358 9 183 5369 or heli.makitalo(at)fiva.fi

Attachments

Opinion of the European Banking Authority on the deadline for the migration to SCA for e-commerce card-based payment transactions, published 16 October 2019

FIN-FSA supervision release 5 September 2019

FIN-FSA statement 24 June 2019

Background information on PSD2 regulations

Strong customer authentication (SCA) refers to electronic authentication of payment service users that protects the confidentiality of security credentials and uses a procedure based on at least two of three mutually independent options. These options are knowledge, i.e. something only the payment service user knows (e.g. PIN code, password), possession, i.e. something only the user possesses (e.g. mobile phone, code calculator), and inherence, i.e. something only the payment service user is (e.g. fingerprint, face map).

Service providers must use SCA if a payer accesses its payment account online, initiates an electronic payment transaction or carries out any action through a remote channel that may imply a risk of payment fraud or other abuse. SCA in accordance with the regulations must therefore be used, as a rule, in all payer-initiated electronic payment transactions, for example in online banking, e-commerce or at a retail payment terminal.

The regulations specify limited situations where SCA need not be implemented. These include, for example, contactless payments up to EUR 50 in a brick and mortar store or online payments up to EUR 30. Even in these situations, SCA is also required when the security limits set for individual purchases or the total amount of purchases are reached.

For more information on PSD2 regulations, visit the FIN-FSA website.

The corresponding Finnish-language supervision release was published on 18 October 2019.

Source link

Regulator Information

Abbreviation: FIN-FSA
Jurisdiction: Finland

Recent Articles

SEC Approves Registration of First Security-Based Swap Data Repository; Sets the First Compliance Date for Regulation SBSR

The Securities and Exchange Commission today announced that it has approved the registration of its first security-based swap data repository (SDR).

Regulation for a different world

Speech by our CEO, Nikhil Rathi, delivered at Association of Foreign Banks – CEO Programme 2021 – The UK Regulatory Landscape Post-Brexit and Beyond.  Speaker: Nikhil...

Keynote speech by the Chairman of the FSMA at a high-level conference on sustainability reporting organized by the European Commission

On Wednesday, 6 May 2021, Jean-Paul Servais, Chairman of the FSMA and Vice Chair of IOSCO, gave a speech at a major conference of...

Credit Suisse Bonds / Suisse Capital Wealth Bonds (Clone of FCA authorised firms)

Fraudsters are using the details of firms we authorise to try to convince people that they work for a genuine, authorised firm. Find out...

www.myinvestmentoptions.co.uk

We believe this firm may be providing financial services or products in the UK without our authorisation. Find out why you should be wary...

Get the latest from Regulatory.News in your inbox!

×