The UK Financial Conduct Authority (FCA) will allow for an 18-month delay to the introduction of Secure Customer Authentication (SCA) rules. An additional one-year extension will also be given to businesses in the hospitality and travel sector.
The SCA rules are a new set of requirements for authenticating online payments in Europe, agreed upon as part of the second Payment Services Directive (PSD2).
Some say the delay is critical to avoiding issues with payment processing as many retailers are simply not ready to comply.
“The decision by the FCA avoids a payments cliff-edge, whereby 25-30 percent of e-commerce transactions made online after September 14 would have been at risk of failing as a result of the new laws,” said Andrew Cregan, Payments Policy Advisor at the British Retail Consortium, in response to the news.
But others in the fraud-prevention industry note the delay will leave payment processors open to fraudulent activity for a longer period.
“During this 18-month delay, cybercriminals will continue to capitalize on retailers’ weak spots, and it’s the responsibility of businesses to shore up defenses at all stages of the customer journey, not only at the payment stage,” said Michael Reitblat, CEO of Forter, a fraud prevention company. “As a result, online merchants shouldn’t use this time period as an excuse to hold off on compliance. What merchants should be doing—immediately—is deploying antifraud systems that will improve their cybersecurity measures ahead of regulation updates.”
Reitblat also notes the time has never been more critical for businesses to implement safeguards as fraud activity increases.
“The instances of fraud rings have increased by 26 percent this year, according to Forter’s 6th Fraud Attack Index. The FCA’s delay of SCA enforcement only provides fraudsters with more opportunities to continue their sophisticated schemes.”