European Payment Institutions Federation (EPIF), European Association of Payments Service Providers For Merchants (EPSM), European Banking Federation (EBF), European Hotel Forum (EHF), Ecommerce Europe, EuroCommerce, Visa and Mastercard, has taken the lead on a further joint industry letter to the EBA on SCA Implementation.
The organisations jointly share the goal of a harmonised EU implementation of SCA. In a first instance they have therefore called on the EBA to use its suasion to encourage all national competent authorities (NCAs) to communicate publicly that they will adopt a flexible approach to the implementation of SCA and give industry scope beyond the 14 September deadline.
„We suggest this deadline for operational application of SCA should be in 18 months EU wide. The coalition is now exploring whether we can agree on proposals for an EU-wide implementation roadmap.”
Below we present the full text of the official letter addressed to Jose Manuel Campa – President of the European Banking Authority, signed by all the eight institutions mentioned above.
Dear Mr José Manuel Campa,
Following our earlier joint statement on 1st August, we are highly supportive of the objectives of PSD2 Strong Customer Authentication (SCA) requirements to reduce fraud and increase consumer trust in electronic payments.
As we had previously stated, despite significant investment to build an infrastructure to comply with PSD2 SCA requirements, there are significant challenges remaining, including dependencies on many non-regulated parties, and all parties in the ecosystem will not be ready to comply with SCA requirements by 14 September 2019.
We welcome the EBA Opinion of 21st June 2019 that provides flexibility for National Competent Authorities (NCAs) to work with payment service providers (PSPs) on migration plans to provide additional time to allow issuers to migrate to authentication approaches that are compliant with SCA, and acquirers to migrate their merchants and gateways to solutions that support SCA.
Whilst a number of NCAs have already indicated that they will not enforce SCA requirements from 14 September and are supportive of the 18 month timeframe, we understand that other NCAs have yet to make any announcements prior to finalisation of any EU-wide SCA migration roadmap. Some NCAs have invited individual PSP migration plans, however large-scale declines will only be avoided by a consistent, European-wide approach to SCA enforcement.
We would therefore, like to ask the EBA to actively encourage all NCAs to make clear announcements to industry that SCA requirements will not be enforced as of 14 September 2019 until further clarity is provided at EBA level. This would help avoid the disruption to businesses and consumers that the EBA has already sought to address.
We recommend that an additional timeframe of 18 months, until March 2021, is provided for the ecosystem to phase in SCA requirements and perhaps longer for certain sectors and clearly defined use cases, with key milestones and clear and consistent metrics identified in that period and which take into account the merchants peak trading periods. This should go hand in hand with gradually reducing fraud, protecting retail businesses and ensuring a better customer experience across the EU.
Uncertainty in some markets will lead to merchants stepping up transactions without being technically capable of utilising all the exemptions. Visa estimates that this will lead to an overall 25- 30% of card abandonment/ authorisation declines, which will be a huge disruption to European e-commerce and payments.
We and our industry colleagues would like to continue to engage with you and the NCAs to seek to develop joint SCA migration plans coordinated at European level, ideally leading, before the 14 September deadline, to a pan European migration roadmap. We, the co-signatories, support continuous efforts by the EBA to foster a harmonised European approach to avoid market fragmentation and reflect the cross-border nature of payments in e-commerce. The implementation of the SCA rules also need to ensure an effective understanding and consistent application of the exemption regime across the EU as permitted under the PSD2.
We would also want to ensure that SCA requirements do not come into full effect until all parties are ready. In short, Issuers and Acquirers need to be allowed to continue authorising non compliant transactions until the March 2021 deadline (or beyond for certain sectors/use cases).
Collectively, we are working on a common approach that we would like to share with you in the near future.
We remain at your full disposal to further discuss any issue.
„For more than a week now, ScoreRise enrolls daily hundreds of users through an innovative facial recognition interface. Enrollment takes less than a minute and it does not require presence of a human operator or video recording. And, of course, it stays fully GDPR compliant with help from Reff & Associates and Deloitte Romania.”