We use cookies to better serve you
I AgreeMore InfoMore Info
1. Update to our Privacy Policy

Hi! We have updated our Privacy Policy to make sure you stay well informed about how we process personal data.

2. Cookie Policy

We place cookies in order to make sure our website works properly and to improve your browsing experience, to offer social media functionalities, to streamline and personalize our marketing content and to show you personalized advertisements (including on third party websites). We sometimes share cookie data with our partners for these purposes. Our cookies remember your settings and the data you fill out on forms on our website and analyze traffic to our website. Our cookies also register how you found us and collect information about your browsing habits. You can read more about our use of cookies and how we share data with our partners, and can change your settings on our Cookie Policy.

SCA (strong customer authentication) is fast approaching

9
Sep

SCA requirements are scheduled to go into full effect on 14 September 2019. Following the recent document published by the European Banking Authority, many European countries have published respective statements that they will allow an extended time frame to enable payment facilitators to fully comply with regulations. The extension is mostly valid for eCommerce and card payments. Here is a breakdown of the different European countries and their statements: 

Austria

Austria announced a temporary enforcement extension for Austrian cards. The enforcement should go into full effect by the end of September. 

Belgium

The Belgian regulator released a formal announcement setting out the Bank's expectations regarding the regulatory technical standard for SCA of online payments.

No set timeline has been published as of now. 

Denmark

Denmark released an official announcement of an 18 month extension period for SCA . The FSA emphasized that the implementation period will not change the fact that the rules on strong customer authentication will enter into force on 14 September 2019. 

Finland

Finland announced a temporary enforcement extension for Finnish cards. The Financial Supervisory Authority will decide on the length of the transitional period this year after further consulting with the supervisors of other Member States.

France

The French are also working on a phased implementation plan, and have released an official document breaking down their current status and plans ahead.

Germany

Payment service providers based in Germany are allowed to make credit card payments on the Internet from September 14, 2019 initially without strong customer authentication. BaFin estimates that the card-issuing payment service providers in Germany are prepared for the new requirements, while companies that use credit card payments on the internet as payees might not be fully prepared yet.

Ireland

Ireland released an announcement stating a migration period limited only to eCommerce transactions. Therefore no disruption to payments systems is anticipated.

Italy

The Italian regulators also released an announcement stating a transitional migration period, although its length of delay has not yet been officially confirmed.

Luxembourg

The Luxembourg regulator announced a temporary enforcement extension for Luxembourg cards. The financial institutions that wish to make use of the extension period are required to inform the CSSF and back their request with a proper migration plan and timelines.

The Netherlands

The DNB (De Nederlandsche Bank) has released the regulator's intention to allow parties that were unable to prepare for SCA (for credit card transactions) a limited extension time - the amount of time hasn't been stated.

Norway

The Norwegian regulator also announced a temporary enforcement extension for eCommerce and card payments. The payment service providers who need to extend their deadline are requested to contact the Financial Supervisory Authority.

Poland

The Polish regulator also announced an extension for Polish cards, contactless payments, and eCommerce. A proper migration plan will need to be submitted by the relevant parties in order to benefit.

Slovenia

Since the authentication of the majority of card payments made in online stores in Slovenia (and the wider EU) is currently protected only by a one-time password received via a text message, such method of authentication does not meet the requirements of SCA. To ensure compliance, the Bank of Slovenia allows an extension for Slovenian payment providers with registered office in Slovenia beyond the deadline of 14 September.

Sweden

The Swedish regulator also published an announcement that allows extension beyond 14 September for SCA. The extension applies for eCommerce transactions made with card payment. A submission of a detailed plan will have to be submitted and should include the company's planned communication activities to inform e-merchants and payment service users about the new conditions.

UK

On 13 August 2019, the UK regulator announced an 18 month phase-in period for SCA requirements on online card payments. As a result, we don't expect banks to fully require SCA for online payments from UK cards until March 2021.

So what should you do as a merchant? 

The enforcement of SCA in Europe is treated with great importance so we recommend all merchants to make all necessary arrangement to be compliant on time (i.e. 14 September 2019).

Here at ZOOZ we are following the changes and announcement closely to keep you up-to-date with all of the changes as well as to ensure our merchants' full compliance. You can learn more on how to be compliant as a ZOOZ merchant here.




A few more interesting reads

International Payment Preferences part 1

International Payment Preferences part 2

Six Ways to Increase Your Approval Rate

Stay on top of your payments

Sign up for our newsletter to get the latest payment news

By clicking Subscribe you agree to ZOOZ’s Privacy Policy.