This article was written by Gareth Malna.
The update, made on 31 March 2020 includes recognition that the COVID-19 outbreak increase the challenges for firms in protecting consumers from risks, including the use of unauthorised transactions and fraud. As such, the FCA has made it clear that firms will be expected to monitor fraud rates and take swift action if those rates rise or new patterns of fraud emerge. To assist the FCA is also implementing certain changes to assist businesses including:
- Supporting the industry’s increase to the limits imposed on contactless payment transactions and confirming that it 'is very unlikely to take enforcement action if a firm does not apply strong customer authentication where the cumulative amount of transaction values has exceeded EUR 150 or five contactless transactions in a row'. To be clear, this only applies as long as the firm sufficiently mitigates the risk of unauthorised transactions and fraud by having sufficient monitoring tools in place and acting swiftly.
- Considering an extension to the deadline for the implementation of SCA by e-commerce retailers, which is currently set for 14 March 2021.
- Supporting online banks that have not yet met the SCA requirements during the adjustment period to 14 March 2020 on a case-by-case basis. In doing so the FCA will take into account (i) the firm’s existing security around authentication, (ii) firms’ controls and processes to reduce fraud and (iii) whether the impact is likely to be exacerbated given the current circumstances.
Firms are reminded to contact the FCA if they are facing any difficulties in relation to SCA.