Some banks, businesses not to ready to implement new security rules by 1 Jan
The Department of Finance has said that some banks and businesses may not be fully ready to implement new security rules for electronic payments that come into effect from 1 January.
The Labour Party has called on the main banks and Central Bank to clarify whether the situation means some customers could potentially face disruption when paying for things online if their systems are not compliant after the date.
Under the EU’s revised Payment Service Directive introduced in 2015, Payment Service Providers (PSPs) are required to introduce strong security requirements for the initiation and processing of electronic payments.
Strong Customer Authentication (SCA) aims to reduce the risk of fraud for all electronic payments, particularly those online.
SCA must be achieved through two forms of verification from three categories, including passwords or PINs, a card reader or token generator, or a fingerprint or other biometric feature.
The standards for SCA and secure communication came into effect in September last year, but the European Banking Authority extended the final deadline for full compliance to 31 December this year.
A further extension to this deadline was sought by European banking industry bodies including the Banking and Payments Federation Ireland (BPFI) earlier this year, because of the effect the Covid-19 was having on the sector.
They warned that the disruption caused by the coronavirus meant the industry was unlikely to be able to meet the current deadline.
In response to parliamentary questions from Labour’s Finance Spokesman, Ged Nash, the Department of Finance said where a PSP is in a position to implement the requirements on 1 January, the Central Bank expects them to do so, “in a manner that does not cause customer detriment.”
However, the department also acknowledged that some PSPs face problems.
“Through engagements with regulated PSPs on the progress of their SCA migration plans, the Central Bank is aware of some issues around the full implementation of SCA by 31 December 2020,” the department responded.
“The Central Bank has communicated to these PSPs that they are required to implement the Requirements as soon as possible in a manner that does not cause customer detriment.”
The department added that it will continue to work with the regulator and banking sector to minimise disruption to consumers and stores.
Two weeks ago, the BPFI announced industry plans to gradually ramp up the full implementation of SCA, including increasing thresholds for values at which it will kick-in and having “soft declines” where some transactions fail temporarily.
“This does not mean that payments for values below the ramp-up thresholds will all be approved and transactions will continue to be closely monitored for possible fraud,” the department stated.
Mr Nash said the European Banking Authority did the right thing last year in giving banks across Europe an extra 15 months to get ready for the changeover to SCA.
“We are now coming up close to the deadline and it is very concerning that the Central Bank has said that there may be issues in Ireland around full implementation of these rules by 31 December,” he said.
“The five main banks need to come out and clarify for their customers if there will be any disruption whatsoever when they try to make payments from January 1st, if the bank’s payment systems are not yet compliant with the new regulations.”
“For example, will consumers be able to buy goods from other European countries without their cards being declined?”
He added that Central Bank, and all the retail banks, also need to give an assurance that consumers are not going to be impacted as a result of this, and that payments are not going to be declined.