While the payments industry scrambles to meet new standards for APIs, the FCA grants an extension for SCA compliance.

By Christian F. McDermott, Jagveen Tyndall, and Amy Smyth

In an effort to evaluate the readiness of banks to comply with the revised EU Payment Services Directive (PSD2), Tink, a banking platform and data provider, has reported that it tested 84 application programme interfaces (APIs) spanning 2,500 banks and 12 European markets. According to Tink the results showed that none of these APIs were sufficiently robust to meet the new regulatory standards. Separately, the UK’s Financial Conduct Authority (FCA) has delayed the implementation of the strong customer authentication (SCA) requirements introduced by PSD2 to enhance the security of all electronic payment services.

Stripe-commissioned report projects that Europe’s online economy risks losing €57 billion when SCA goes into effect on 14 September.

By Christian F. McDermott

A recent report released by 451 Research and commissioned by Stripe, the online payment processing business, has found poor levels of readiness for the requirements of Strong Customer Authentication (SCA). The report projects that European businesses stand to lose €57 billion in economic activity in the first 12 months after SCA takes effect on 14 September 2019.

Background

The revised Payment Services Directive (EU) 2015/2366 (PSD2) introduced SCA as a means to help achieve the overall aim of “ensuring that all payment services offered electronically are carried out in a secure manner, [by] adopting technologies able to guarantee the safe authentication of the user and … reduc[ing], to the maximum extent possible, the risk of fraud.”[1]