Bumpy transition to Strong Customer Authentication in the EU


Strong Customer Authentication has entered into force in September 2019. To avoid a cliff-edge and give the time for the payment sector to adjust to these new rules, an additional 15-months (until December 2020) of flexible enforcement was granted to Member States to decide 9the best way forward to ensure both compliance and sufficient level of preparedness.

With the impact of the COVID-19 on the payment industry, but also the retail and leisure sector, certain Member States have decided to adopt formal and informal gradual enforcement strategies to enable further testing and preparations.

For example, France has been implementing gradual enforcement with soft decline, with the next deadline on 15 March for all transactions above 250€ to be compliant with SCA. Similar plans can be found in Germany, Italy and so on.

The implementation and enforcement are accompanied in most countries by an attempt to monitor the evolution of the situation. It is however still difficult to get a clear picture of the impact, considering most of the data gathered still focuses on compliance rather than performance.

Increased failure rates have been witnessed all across the EU. The reason behind increase failure rates seems to be diverse, from infrastructure and technical challenges, the question of availability and usability of exemptions, 3D-secure enrollment, and so on.

Further assessment of the impact, taking into account a wider range of metrics to ensure breakdown results and a bigger focus on performances, is needed to get a clearer picture of the situation and inform stakeholders and policymakers.

For more information on Strong Customer Authentication, please contact juliettebeaulaton@ecommerce-europe.eu