On 30 August 2019, CSSF communicated on the extension beyond 14 September 2019 of the deadline for compliance with the strong customer authentication (SCA) requirements of European Commission regulation (EU) 2018/389 for e-commerce card payment transactions.
As stated in CSSF’s press release, the new legal and regulatory frameworks require payment service providers (i.e. credit institutions, payment institutions, electronic money institutions) to put in place, by 14 September 2019, strong customer authentication (SCA) solutions that ensure secure access to their online payment accounts and secure initiation of electronic payment transactions.
In line with the opinion of the European Banking Authority (EBA) of 21 June 2019, the CSSF grants the entities concerned an extension of the implementation period of the SCA beyond 14 September 2019 in order to minimize the risk of unintentional disruption to the sensitive e-commerce sector. This extension applies only to the category of ecommerce card payment transactions.
Over the course of several recent working meetings, ABBL and CSSF agreed that, given the cross-border nature of e-commerce, the adoption of a common and harmonized European compliance deadline, that should be announced by EBA in the final quarter of 2019, is considered essential.
For those reasons, ABBL welcomes the CSSF’s press release that acknowledges the complexity of the required compliance changes in the field of e-commerce card payment transactions, taking into account the European nature and the number of stakeholders in the whole payment chain (card schemes, issuing and acquiring payment service providers, IT service providers, online merchants, payment service users) that need to take measures to be able to apply or request strong customer authentication.
Discover our PSD2 dossier.