What are you doing to protect your customers from authorised push payment (APP) scams? That is a question payment service providers (PSPs), including payment and e-money institutions, will have to answer following regulatory intervention in the UK to force the industry to tackle the problem following Which?’s supercomplaint in 2017.
fscom’s Director, Alison Donnelly, who was recently appointed as the European Women in Payments Network (EWPN) Ambassador for Ireland, will be hosting the event at the offices of FPAI.
With only four months to go to the final PSD2 implementation date of 14 September 2019, all payment service providers must make sure they are urgently progressing plans to meet the additional regulatory obligations or to confirm that their obligations are met.
In my previous blogs I have given you the basics of strong customer authentication (SCA) and explained how the exemptions could be used to minimise the disruption experienced by payment service users when making payments or accessing transaction information. In this blog, I will take a closer look at the details of the SCA obligations and explain why it’s not as simple as the much-mentioned two-factor authentication (2FA).
In my previous blog, I outlined the basic requirements of the new obligation, brought in under PSD2 (the second Payment Services Directive), for all payment service providers to apply strong customer authentication (SCA) in certain circumstances. SCA has to be applied both when accessing payment account information and when initiating a payment transaction meaning that a customer checking their account and then paying a couple of bills would have to go through SCA multiple times in one session, which is far from ideal on the user-experience scale. To avoid this, you, as a payment service provider (PSP) can apply one of nine exemptions, if circumstances permit.
Strong customer authentication (SCA) is a valid attempt by the EU to curb electronic payment fraud, including ‘card-not-present’ fraud. From a glance the concept is fairly simple, it will be a regulatory obligation to apply two factor authentication (2FA) to the electronic payment process. However, it’s not all quite as simple as that as SCA has more requirements than just the frequently touted 2FA. This blog will provide the basics on SCA and subsequent blogs will go into more detail on the exemptions and how SCA differs from simple 2FA.
Following on from my previous blog post, where I looked at the UK’s current and future payments architecture, one of the most interesting developments identified at the Project Regulator event that could be a game changer for payment and e-money institutions concerns the UK’s interbank real time gross settlement (RTGS) system.