Central Bank faces calls to further delay new rules on online payments

Slow move to Strong Consumer Authentication on fears of Covid-19 ecommerce impact

Pressure is mounting on the Central Bank of Ireland to further delay the enforcement of new EU regulations aimed at making online payments more secure.

The Banking and Payments Federation of Ireland (BPFI) said it was worried about possible disruptions as online retailers upgrade their payments systems to comply with Strong Consumer Authentication (SCA). It said this is a particular concern during the Covid-19 crisis given the number of consumers reliant on online shopping for essential goods.

The pressure comes as the Financial Conduct Authority in the UK said on Thursday it was extending the deadline for SCA compliance once again due to the coronavirus pandemic.

The authority has agreed to give the financial industry a further six months to implement SCA, with the deadline pushed out to September 14th, 2021. This is exactly two years after compliance with the legislation was expected to be completed.


18-month extension

The European Banking Authority (EBA), the regulatory agency that supervises banking across the EU, is also being lobbied hard on the issue. It agreed to an 18-month extension last August. However, the European Payment Institutions Federation, whose members include Visa and Mastercard, this week petitioned the EBA to allow an additional six months for industry to be fully SCA-ready as against the current deadline of December 31st, 2020.

A spokesman for the Central Bank said it continued to take guidance from the EBA and was sticking with the recommended deadline. However, the EBA does allow national authorities to make extensions in “exceptional circumstances”.

The BPFI called for clarity on the SCA deadlines due to the impact of Covid-19 and the pressure it has imposed on the financial sector.

“As the current situation has created a significant amount of uncertainty in the market on whether the current enforcement date can be achieved, BPFI believes it is crucial for the market to have final clarity on the expected SCA migration deadline as soon as possible and is seeking confirmation from the authorities in order to allow the market to plan accordingly,” a spokeswoman for the BPFI said.

Extra authentication

SCA was originally supposed to come into effect on September 14th, 2019. The legislation, which is forecast to radically change the way European customers buy online, requires businesses to build an extra layer of authentication into online card payments for payments above €30. This means consumers buying things online will soon have to confirm their identity using two authentication methods, such as a password, a phone or their fingerprint.

A report by online payments company Stripe last year indicated that close to half of businesses were not in a position to meet the original deadline for SCA compliance.

However, some groups have warned that the continued pushback on deadlines is bad news for consumers who remain at risk of fraud.

Charlie Taylor

Charlie Taylor

Charlie Taylor is a former Irish Times business journalist