Strong Customer Authentication (SCA): Introduction
September 14, 2019 has come and gone. For payment service providers (PSPs), the run up to the date became like the countdown to Y2K; there was confusion over what changes were necessary and concern about what would happen. Questions arose from all corners as rules written to enforce strict authentication standards on online payments for business models that had never been available in a live market before were about to be enforced. But unlike Y2K, the ticking clock wasn’t inevitable and at the last minute, regulators gave some leeway, or at least, some of them did. Maybe I am getting ahead of myself; let’s set the scene first.
25 November 2015 – The European Commission (EC) publishes the final version of the second payment services directive (PSD2), one of the goals of which was to create a more secure market of electronic payments. Within PSD2, one of the many obligations put on the European Banking Authority (EBA) was to develop regulatory technical standards for customer authentication and common and secure communication.