We no longer support this browser. Using a supported browser will provide a better experience.

Please update your browser.

Close browser message

Strong Customer Authentication

SCA: With weeks to go until Europe’s deadline, is the industry prepared? 


With just weeks to go before the 31 December 2020 deadline for Strong Customer Authentication (SCA) implementation in Europe, it’s worth taking a look at the industry’s position within the rollout of this far-reaching new requirement.

 

Final call for implementation

After 31 December 2020, subject to prescribed regulatory exemptions, merchants will need to secure multi-factor authentication for their online transactions. The European Banking Authority (EBA) allowed extensions to be granted to the original deadline of 14 September 2019.[1] Industry participants from merchants to issuers, regulators, acquirers like ourselves, and consumers, will be required to adjust to comply with SCA requirements. The extensions provided some breathing space to many industry players, who have had to chart a very unpredictable path through the global events of 2020.

The European Banking Authority has confirmed that 31 December 2020 will be the final date for compliance. So, will the e-commerce ecosystem be ready come New Year’s Day?

 

Passing the test

The emergence of COVID-19 earlier this year created additional pressures on merchants, and may have impacted their ability to secure the third-party developer time needed in order to get SCA site coding installed or implemented. The final deadline of 31 December  may now have hardened the resolve of many to be ready in time. In our experience, despite the constraints on budgets and staff presented by the pandemic, there has been a huge amount of work undertaken by merchants to ensure they will be prepared for SCA. At J.P. Morgan, we began working with our merchant clients long before 2020, briefing them and helping to ensure they could meet requirements.

 

However, there appear to be some issues outstanding. Not all merchants may be ready yet. Some may have completed the site coding needed to enable SCA, but haven't necessarily turned it on, or haven't turned it on permanently. Some issuers in different countries haven't fully switched on SCA functionalities either. This means even if a merchant has launched SCA on its site, its customers may not be receiving the 3-D Secure 2.0 (3DS2) identification challenges that enable SCA from the issuer.

 

Rollout will likely be uneven, so make sure you’re ready, even if others aren’t

Delivering a cohesive, integrated rollout of SCA will be difficult—simply because there's so many different moving parts and players. When talking to clients, I’ve compared this to everybody preparing to play a new sport together. We have all been given the rule book, we have all been told that everyone is due on the field on 1 January 2021, but none of us have played this before. Is it all going to work?

Based on our intelligence, SCA is not going to just appear ‘everywhere’ online on 1 January. Right now, what we're actually seeing is a gradual ramp-up of initiation across Europe. Different issuers across Europe are starting to implement SCA, particularly for high-value transactions. We are observing card challenges happening within the ecosystem where we haven't seen them before. This glide path towards a much higher level of transaction queries and challenges is going to continue between now and December 31. Of course, there will be a big jump in SCA compliance on 1 January 2021, but between then and now, be prepared for some unpredictability as we shift into a whole new era of payments authentication.

 

1.fca.co.uk, November 2020. ‘Strong Customer Authentication.’ Accessed November 2020. 

Already an Existing Customer?

Contact us if you require advice, help or support.

Existing Merchant Service Customers

If you have a technical issue or a question about your merchant account, please call your Relationship Manager directly.
Alternatively, call our merchant support team on:

For Europe: +353 1 726 2909     UK: 0845 399 1130

Further information is available at any time through your Paymentech Online account.

 

Out of Courts Complaints and Redress Procedures

  1. J.P.Morgan has in place complaint resolution procedures to settle complaints of Merchants arising from their rights and obligations under Parts 3 and 4 of the Payment Services Regulations 2018.
  2. If you have a complaint, please contact your Relationship Manager. Your complaint will be addressed in accordance with J.P.Morgan complaint policy, which we are happy to provide upon request.
  3. In the event of a complaint, a Merchant may refer the matter to the Irish Financial Services and Pensions Ombudsman (FSPO) or such relevant out-of-court complaint body or to such other competent out-of-court complaint body applicable to you in the country where you are established.
  4. Details on complainant eligibility are available on the FSPO website.

                   You can contact the FSPO at:

Irish Financial Services and Pensions Ombudsman
Lincoln House
Lincoln Place
Dublin 2
D02 VH29
Ireland
Tel: + 353 1 567 7000
Email: info@fspo.ie
Website: https://www.fspo.ie

 

Merchants domiciled in the UK

  1. From 1st January 2021, J.P.Morgan will enter into the UK's Temporary Permissions Regime (TPR).
  2. The TPR has been established by the UK regulators to allow firms such as J.P.Morgan to continue to operate in the UK following the end of the Brexit transition period.
  3. During the TPR, a UK-based merchant that is not satisfied with our response to a complaint and that qualifies as an eligible complainant may refer the matter to the UK's Financial Ombudsman Service. Details on complainant eligibility are available on the Financial Ombudsman Service website.

                   You can contact the Financial Ombudsman Service at:

Financial Ombudsman Service
Exchange Tower
London
E14 9SR
Free phone: 0800 023 4567
Email: complaint.info@financial-ombudsman.org.uk
Website: www.financial-ombudsman.org.uk