In my previous blog, I outlined the basic requirements of the new obligation, brought in under PSD2 (the second Payment Services Directive), for all payment service providers to apply strong customer authentication (SCA) in certain circumstances. SCA has to be applied both when accessing payment account information and when initiating a payment transaction meaning that a customer checking their account and then paying a couple of bills would have to go through SCA multiple times in one session, which is far from ideal on the user-experience scale. To avoid this, you, as a payment service provider (PSP) can apply one of nine exemptions, if circumstances permit.
Strong customer authentication (SCA) is a valid attempt by the EU to curb electronic payment fraud, including ‘card-not-present’ fraud. From a glance the concept is fairly simple, it will be a regulatory obligation to apply two factor authentication (2FA) to the electronic payment process. However, it’s not all quite as simple as that as SCA has more requirements than just the frequently touted 2FA. This blog will provide the basics on SCA and subsequent blogs will go into more detail on the exemptions and how SCA differs from simple 2FA.
New rules for payment and e-money institutions
Over the past couple of months, the FCA has been consulting on whether to apply the Principles for Businesses, and some other Handbook rules, to payment and e-money institutions and registered account information service providers. This marks another step in the FCA’s journey towards greater supervision of the non-bank payment services sector.
With the vast majority of e-money and payment institutions successfully re-authorised, let’s take a look at how the FCA intends to monitor this growing population of firms.
In a previous blog post, I took a look at the upcoming access changes to the UK’s RTGS system (the Clearing House Automated Payment System) and, in the blog post before that, the UK’s new payment architecture. In the latter, you might remember, we touched on the consolidation of three separate payment service operators (PSOs) – Bacs, Faster Payments Service and the Cheque & Credit Clearing Company – under a New Payments Service Operator (NPSO).
It’s been five months since the FCA’s doors opened to applications from the new payment service providers, often referred to as third party providers (TPPs), and two months since they could appear on the Register so it’s a good time to ask how many have seized the opportunity presented by the second payment services directive (PSD2).
The answer is: ‘not so many’.