Less that three months before the regulation comes into foirce, the EBA acknowledges lack of readiness for PSD2 Strong Customer Authentication (SCA) and sanctions some flexibility on implementation, while making clear that the most widely used SCA approach is non-compliant. FirstPartner and The Human Chain analyse the impact for the payments industry.

On Friday 21st June the European Banking Authority (EBA) published a new Opinion Paper on the elements of strong customer authentication (SCA) under PSD2 which has subsequently been backed up by a confimatory statement from the European Commission. This opinion has significant practical implications for issuers, acquirers, card schemes and local regulators currently working to prepare for the imminent deadline for compliance with the PSD2 SCA Regulatory and Technical Standards (RTS) on 14th September 2019.

Over the past three years FirstPartner and The Human Chain have been working closely with payment schemes and PSPs (issuers, acquirers and their technology partners) supporting their preparations for PSD2. During this time, the need to strike a pragmatic balance between the objectives and spirit of the regulation and the practical challenges of implementing transaction authentication solutions that will work for consumers and merchants, and that are practically deliverable by PSPs and vendors, has become apparent.

In this blog post we summarise the main points made by the EBA, look at their potential impact and suggest the actions stakeholders need to take.