The deadline for merchants, payments providers and financial institutions in the U.K. to implement Strong Customer Authentication (SCA) on e-commerce transactions arrived this week. The rules, which began as part of the EU’s second payment services directive (PSD2) and survived Brexit, require additional fraud prevention measures on all e-commerce transactions including two-factor authentication.
The U.K.’s Financial Conduct Authority extended the Sept. 14, 2021 deadline—which itself had been extended in 2019—to give merchants and other stakeholders more time to comply with SCA after the industry expressed continued concern that many of its members would still not be ready when enforcement of the regulation began.
U.K. retailers had been concerned that the rules would introduce friction into e-commerce transactions that consumers are turning to in rapidly increasing numbers because of their convenience.
“The BRC and our members have worked with suppliers to ensure multiple fraud checks are performed behind the scenes and any additional friction is kept to a minimum,” said Tom Ironside, director of business and regulation at the British Retail Consortium, a London-based trade association for merchants. “Customers should be reassured that buying online has never been safer.”