A new system designed to tackle fraud in online shopping has been delayed for 18 months. Banks and retailers had been expected to introduce a new layer of security from mid-September that would normally see a passcode sent to a customer’s mobile phone at the point of checkout for online purchases of £28 or more. However, following pressure from the industry, the Financial Conduct Authority (FCA) has agreed on a plan that gives the payments and e-commerce industry extra time to implement Strong Customer Authentication (SCA).

From 14th September 2019, the new European Union (EU) rules will start to apply that impact the way in which banks or payment services providers verify their customer’s identity and validate specific payment instructions. The new rules, called Strong Customer Authentication (SCA), are intended to enhance the security of payments and limit fraud during this authentication process.

The FCA has agreed on an 18-month plan to implement SCA with the e-commerce industry of card issuers, payments firm and online retailers. The plan reflects the recent opinion of the European Banking Authority (EBA) which set out that more time was needed to implement SCA given the complexity of the requirements, a lack of preparedness and the potential for a significant impact on consumers.

Jonathan Davidson, Executive Director for Supervision – Retail and Authorisations, said “The FCA has been working with the industry to put in place stronger means of ensuring that anyone seeking to make payments is not a fraudster. While these measures will reduce fraud, we want to make sure that they won’t cause material disruption to consumers themselves; so we have agreed a phased plan for their timely introduction.

“The FCA will not take enforcement action against firms if they do not meet the relevant requirements for SCA from 14 September 2019 in areas covered by the agreed plan, where there is evidence that they have taken the necessary steps to comply with the plan. At the end of the 18-month period, the FCA expects all firms to have made the necessary changes and undertaken the required testing to apply SCA.”

The FCA will also continue to monitor the extent to which banks and payment service providers are meeting its expectation that they consider the impact of SCA on different groups of consumers, and provide alternative means of authentication where needed.

Responding to the announcement, Eric Leenders, Managing Director of Personal Finance, UK Finance, said “Fighting fraud must be a priority for everyone and these new rules will be an important tool in protecting customers, helping keep them safe when they shop online. Today’s FCA plan, which supports our proposals for a managed rollout, will help the industry ensure a timely migration to SCA and result in the best outcomes for consumers while effectively balancing both convenience and security.”

“The banking and finance industry has worked closely with the FCA, retailer groups and other stakeholders to deliver these required changes in a way that minimises any disruption for consumers and businesses. We want to ensure that the convenience of making an online payment is balanced with these increased security standards.”

“We expect that providers will have appropriate solutions in place to allow their customers to authenticate themselves. This could mean your bank or provider using a text message, phone call, banking app or card reader to check your identity. Other methods are available and more are being developed that will make it even easier to shop more safely online in the future, including biometric technologies that could allow customers to be identified with something as simple as a thumbprint.”