twitter logo linkedin logo facebook logo

Strong Customer Authentication Delayed, again (2 min read)

Michael Tanaka, CCO

psd2 logo

This month a statement from the FCA read: “In the exceptional circumstances of the Covid crisis, we are giving the industry an additional 6 months to implement strong customer authentication (SCA) for e-commerce. This will minimise potential disruption to consumers and merchants. The new timeline of 14 September 2021 replaces the 14 March 2021 date. Firms are required to take all necessary steps to comply with the revised detailed phased implementation plan and critical path to avoid the risk of enforcement action.”

Last year the FCA delayed the implementation of Strong Customer Authentication to March 2021. A far distance from the original September 2019 goal. Earlier this month a further delay was announced, meaning that the longed for enhanced authentication for consumers buying online won’t be a legal requirement until September 2021. It gives e-commerce firms another six months to deploy a compliant solution. And cyber criminals a further opportunity to exploit weak authentication solutions.

SCA is part of the European Payment Services Directive 2 (PSD2). It provides an online equivalent to chip-and-pin processing for cardholder-not-present payments. The objective is to minimise the opportunity for criminals to make online purchases using stolen credit card data. It’s good. Similar to the Chip and PIN concept in store, any consumer making an online purchase over €30 may be required to complete a multi-factor authentication.

Stronger authentication for financial transactions should be a must. The industry needs to eliminate the risk of criminals paying for goods not authorised by the designated payee – a notion that is agreed across the board. But multi-factor authentication can be tiresome and arduous.

In recent studies Google found that 38% of users did not have access to their phone when challenged to authenticate. So, rather than having to reach for your phone every time you need to verify a payment, MIRACL Trust allows user to authenticate within the browser. Similar to the chip and PIN concept but online in one simple user step. Easy for the customer and reassuringly safe for the seller.

Rob Griffin, CEO at MIRACL comments, “Further delay to this important legislation is understandable but equally concerning. As we endure further lockdown measures, which for some may continue for some time yet, digital living has becoming the norm. Online purchases are increasing daily and with it the risk of consumers to be exploited by cyber criminals. MIRACL has a solution that is easy to implement, highly secure and complies with the requirements for PSD2. If you can, why not implement now?”

Over 70% of online transactions made today aren’t compliant with SCA. It’s time the sector woke up and did something to change this. Even with the latest delay to implementation, organisations need to start making the right steps to ensure they comply else face hefty consequences in months to come.

Find out more about MIRACL’s highly secure online authentication that complies with PSD2 by visiting MIRACL or follow us on social media: Twitter@MIRACL | LinkedIn MIRACL

Get the MIRACL memo in your inbox

Get in touch to learn more

You can opt out at any time. See our privacy policy here.