SCA extra time fragmenting markets

National competent authorities (NCAs) may have inadvertently fragmented the payments market over their handling of the phased implementation of Strong Customer Authentication (SCA) provisions, agree the heads of two payment associations.

Merchants who comply with the regulations look set to be put at a disadvantage according to Tony Craddock, director general of the Emerging Payments Association.

“What you end up with if you are not careful is the website that doesn’t conform to the regulations gets more business and more volumes than the ones that do. If you follow that logical thinking through, that suggests that those organisations that conform to the SCA requirements could be punished for doing so,” says Craddock.

“If that is a situation that can arise, then what is likely is that the organisations that have adopted it will unadopt it,” he says.

On August 13, the UK’s Financial Conduct Authority (FCA) stated it had agreed a 18 month phased plan for the implementation of SCA based on recommendations from the European Banking Authority (EBA) made in June. This will give payments and e-commerce providers extra time to comply with the regulation.

“The FCA has been working with the industry to put in place stronger means of ensuring that anyone seeking to make payments is not a fraudster. While these measures will reduce fraud, we want to make sure that they won’t cause material disruption to consumers themselves; so we have agreed a phased plan for their timely introduction,” said Jonathan Davidson, executive director for supervision – retail and authorisations in the statement.

For Paul Rodgers, chairman of Vendorcom, responsibility for the success of SCA implementation lies with the EBA.

“The EBA is going to have to step up and recognise that it has a coordinating role and not to coordinate would be a disaster for the international or cross-border payments sector, and it does make a complete farce of the concept of a digital single market in the merchant payments, consumer payments world,” says Rodgers.

“International trade is really important and frankly it is part of the European dream, and the regulators have actually regulated against the European economic ideals of cross-border trades and so on.”

The EBA has used the Interactive Single Rulebook as a method of addressing concerns arising in the industry with the PSD2 regulation. Rodgers says there are a number of questions that have yet to be addressed regarding SCA but plans in the UK to address these queries within the FCA’s implementation plan will not work.

“There was talk yesterday that outstanding items could be dealt with in the UK, with the UK’s transitional rollout plan but I don’t actually see that as possible,” says Rodgers. “I think the EBA is the only real authority to make a pronouncement and a determination on what the right approach is otherwise they could do what they did in June and pull the rug from under any transitional roll out program by saying we have changed our minds, this is how we see things.”

A lack of consistency across banks and issuers remains of utmost concern, according to Rodgers.

“Some are using hardware devices, card readers that they sent to their card holders to read a card and provide a one-time passcode. Some are talking about one-time passcode by SMS,” he says.

“One of the things that I have argued for is consistency, and in fact I have called upon the regulator to mandate collaboration to the point of actually outlawing competition. And that is not something a regulator would do because they worship this whole concept of competition as if it were sacrosanct. And actually, on something like this, competition is actually damaging. They ought to provide a ubiquitous, unified approach that we can then communicate clearly to the cardholder, and clearly to the merchant,” he says.

Related reading