Regulator gives businesses more time to comply with new ecommerce rules

Banking sector welcomes deadline extension for roll-out of online payments changes

The Central Bank of Ireland has delayed the enforcement of new EU regulations aimed at making online payments more secure.

The move comes just two days after it was reported that its British counterpart, the Financial Conduct Authority, is to delay enforcement of strong customer authentication (SCA) by a further 18 months.

The decision by the Central Bank comes amid concerns of a lack of preparedness by businesses in complying with the new measures .

SCA is a new EU regulation that comes into effect on September 14th which is forecast to radically change the way European customers buy online. The legislation, which forms part of the PSD2 “open banking” regulations, requires businesses to build an extra layer of authentication into online card payments for payments above €30.

What this means in effect is that consumers buying things online will soon have to confirm their identity using two authentication methods, such as a password, a phone, or their fingerprint. The impact of the regulation for businesses is significant as many have to upgrade their payment platforms ahead of the legislation coming into force.

Hit to European economy

Stripe, the online payments company set up by the Limerick-born brothers Patrick and John Collison, is among a number of retailers and processors that include Amazon and Worldpay, that have warned that billions of euro of transactions are at risk due to the introduction of SCA.

A recent report conducted on behalf of Stripe concluded that Europe stands to lose €57 billion of economic activity in the first 12 months after SCA takes effect.

That report found that just 44 per cent of businesses expected to be compliant with the new regulations by mid-September.

The European Banking Authority (EBA) in June rejected calls for an extended grace period for businesses, saying that companies had been given ample time to comply with the new regulations. However, it did allow national authorities to offer limited extensions on an "exceptional basis".


The legal deadline for complying with the regulatory technical standards on SCA remains September 14th, however, the Central Bank on Friday confirmed it would provide additional time to allow industry to implement the necessary reforms. It did not say how much longer businesses would be given.

“The Central Bank of Ireland recognises the difficulties with meeting this deadline. We have been engaging with the industry to develop a migration plan to implement SCA for ecommerce transactions, as soon as possible after this date,” it said.

The regulator added it was in talks with the EBA and other regulators to try to agree a harmonised approach to the migration time periods across the EU.

The Banking and Payments Federation of Ireland welcomed the extension.

“Today’s statement by the Central Bank is a very positive development for consumers and online businesses as it will prevent unintended disruption to online shopping from September 14th,” said Gill Murphy, head of payments schemes at the BPFI.

“That said, any additional time will be limited so it is critical that all ecommerce businesses and operators continue to progress their preparation and implementation at pace,” she added.

Regulators in several other countries, including France and the Netherlands, are believed to also be weighing an extension for businesses.

Latest Stories