In my previous blog, I outlined the basic requirements of the new obligation, brought in under PSD2 (the second Payment Services Directive), for all payment service providers to apply strong customer authentication (SCA) in certain circumstances. SCA has to be applied both when accessing payment account information and when initiating a payment transaction, meaning that a customer checking their account and then paying a couple of bills would have to go through SCA multiple times in one session, which is far from ideal on the user-experience scale. To avoid this, you, as a payment service provider (PSP), can apply one of nine exemptions, if circumstances permit.
Strong customer authentication (SCA) is a valid attempt by the EU to curb electronic payment fraud, including ‘card-not-present’ fraud. At a glance, the concept is fairly simple: it will be a regulatory obligation to apply two-factor authentication (2FA) to the electronic payment process. However, it’s not quite as simple as that, as SCA has more requirements than just the frequently touted 2FA. This blog will provide the basics on SCA, and subsequent blogs will go into more detail on the exemptions and how SCA differs from simple 2FA.
Better customer service, cleaner user interfaces, simpler language, spending insights and even gambling blocks… Digital banks, or ‘challenger banks’ as they are commonly referred to, have taken the UK banking market by storm, and with features like these, it is no wonder they are signing up thousands of new customers every day. However, as the large incumbents awaken from their slumber, are they starting to realise they must fight back no matter how much they make light of these new players?
Jamie Cooke, Managing Director of fscom, gives his opinion...
As we marked the first anniversary of PSD2 implementation (at least, in the UK!) this week, there will doubtless be numerous conversation pieces and reflections about the success of PSD2 so far – and its relationship with Open Banking – and what more delights both have to offer in 2019, the year the UK is supposed to leave the European Union.
Under PSD2, all payment service providers, including credit card providers, money remitters and e-money issuers, account information service providers (AISP) and payment initiation service providers (PISP), are required to file reports in relation to confirmed fraudulent activity, known as the REP017 report.
The REP017 report provides the means for firms, through Gabriel, to provide the FCA with statistical data on fraud related to different means of payment, which in turn is aggregated and shared with the European Banking Authority and European Central Bank.
The first submission for REP017 is scheduled for 31st January 2019 covering the period from the 13th January 2018 to 31st December 2018. For this period, the FCA have published an interim REP017 report to be completed.
This blog aims to give a high-level overview of who REP017 applies to, what transactions it captures and how the data on fraudulent transactions need to be categorised.
Assurance, or the use of auditors to search for problems at firms, can be very useful to the regulated community in all manner of ways, especially during the authorisation process or in respect of the EU's Payment Services Directive.
As we embark upon yet another week of uncertainty regarding what Brexit deal, if any, the Prime Minister might secure, the latest in my Q&As with EU regulators sees me heading to Sweden.
I fondly recall, back in my FSA days, visiting Finansinspektionen (the Swedish FSA) to find out more about the payments market in Sweden and how they approached licensing and supervision, given they were one of the few EU Member States that took advantage of article 26(1) of PSD1 to allow for ‘Small Payment Institutions’ (SPIs). Colleagues at Finansinspektionen were friendly, approachable and keen to exchange knowledge and experience, so I was hopeful that they would continue to be so despite my own departure from the regulator. I am thankful, therefore, to Roger Jacobsson for sparing the time to answer our standard questions regarding UK payment/e-money institutions looking to establish a second business in Europe to benefit from passporting rights.
New rules for payment and e-money institutions
Over the past couple of months, the FCA has been consulting on whether to apply the Principles for Businesses, and some other Handbook rules, to payment and e-money institutions and registered account information service providers. This marks another step in the FCA’s journey towards greater supervision of the non-bank payment services sector.