UK Conduct Regulator Grants Regulatory Forbearance From Strong Customer Authentication for E-Commerce Transactions

The U.K. Financial Conduct Authority has granted firms an additional six months to implement strong customer authentication for e-commerce, extending the deadline from March 14, 2021 to September 14, 2021. The forbearance has been granted in light of the exceptional circumstances arising from COVID-19, in a bid to minimize disruption to consumers and merchants.

The SCA requirements were established at EU level by the European Banking Authority in accordance with the Payment Services Directive and came into force on March 14, 2018, with the majority of provisions applying legally from September 14, 2019. The SCA requirements set out the security measures that payment services providers must implement, including transaction monitoring mechanisms and customer authentication standards. An exemption was granted in August 2019 for card-not-present e-commerce transactions, meaning the SCA requirements would only apply to those transactions from March 14, 2021. The FCA has therefore further extended the deadline for transactions subject to that exemption. UK Finance, the industry body responsible for coordinating with industry and the FCA on implementation of the requirements, is expected to agree a phased implementation plan taking account of the delay with the FCA as soon as possible and firms should, in the meantime, continue with preparatory activities.

View the FCA's statement on strong customer authentication.

View details of the FCA's exemption from SCA requirements for e-commerce transactions.

Details of other regulatory responses to COVID-19 are available at our COVID-19 Research Center.

Return to main website.