The last date for implementation of PSD2 – 14 September 2019 - is now well past us. And the European Banking Authority (EBA) acknowledges that some merchants may face difficulty implementing the new standards.
The market players had numerous queries regarding the authentication approached compliant with EBA's directive for Strong Customer Authentication (SCA). In addition, businesses and banks were apprehensive about the mandatory SCA requirement for all digital payments above 10 Euros. The financial institutions fear that although SCA implementation will benefit the customers, it will lead to delays and subsequent reduction in online sales.
Also ready: PSD2 comes knocking, providers not yet ready
In view of the concerns and inadequate preparedness of merchants—owing to complex payment processes—the EBA has published an Opinion. In a press release of 13 September 2019, the European Commission has published that the EBA acknowledges implementing the new standards might be difficult for some merchants. According to the FAQs published in the press release, “the new SCA requirements are applicable as of 14 September 2019, and are being gradually introduced in line with migration plans designed under the authority of national and European supervisors. Some Member States are more advanced than others. We encourage all stakeholders to speed up their efforts to ensure that the new requirements are rapidly and fully in place across the whole EU.”
The press release further states that “European banking authority (EBA) acknowledged the challenges experienced by some stakeholders to introduce SCA fully by 14 September. The EBA, therefore, adopted an Opinion on 21 June 2019 allowing national supervisors to enforce the new SCA rules on online payments by cards with a degree of flexibility, granting where necessary ‘limited additional time' to migrate to compliant authentication methods. Consumers should continue to pay as normal in Member States that decide to avail of this flexibility. At the end of this period of time, consumers will be asked to perform the two-factor strong customer authentication, unless an exemption applies.”
The caveat, however, is that additional time will be granted only if the payment service providers (PSPs) have a migration plan as well as a time-bound implementation plan.
The article has been written by Neetu Katyal, Content and Marketing Consultant
She can be reached on LinkedIn.