The European Banking Authority (EBA), a regulatory body of the European Union that’s headquartered in Paris, released a report, earlier this week, on the data offered by payment service providers (PSPs) on their readiness to apply strong customer authentication (SCA) for the set of payment transactions that are digital commerce card-based transfers.
The EBA‘s report covers that the status of issuing and acquiring PSPs in signing up or enrolling online merchants, payment cards and payment service users (PSUs) into SCA-compliant services, and in requesting SCA for digital payment transactions after 31 December 2020 (when the SCA migration period concluded).
The EBA reportedly tracked the ongoing progress made by issuing and acquiring PSPs from September 2019 to April 2021 by monitoring different indicators that were specified in the EBA Opinion of 2019 on the deadline for the migration to SCA compliance for digital commerce card-based payment transfers.
Based on the data obtained from those PSPs, the EBA found that considerable progress was made when it comes to SCA -compliance.
The EBA report reveals that 99% of EU merchants can now offer support for SCA; 94% of all payment cards in the European Union are currently SCA-enabled; 82% of all PSUs have now been enrolled into an SCA solution; 92% of digital commerce card-based authentication requests reported by acquirers are now compliant with the SCA standards; and 87% of initiated e-commerce card-based payment transactions reported by issuers are now compliant with the SCA guidelines.
This progress has also come at a time when there has been a considerable reduction of the volume and value of fraudulent digital commerce card-based payment transfers in the EU during the same period.
The Report from the EBA also mentioned that there are still PSPs in certain areas that are behind others in supporting SCA on their payment channels, enrolling PSUs to SCA-compliant authentication services or carrying out SCA-compliant transactions.
The regulatory technical standards (RTS) on SCA and common and secure communication (CSC) provide the updated security guidelines under the revised Payment Services Directive (PSD2) and have been effective as of September 14, 2019.
These standards were released in order to lower the risk of payment fraud and also to ensure the safety of payment service users’ money and personal information.
In June 2019, with its Opinion on the SCA elements (EBA-Op-2019-06), the EBA has issued, on an exceptional basis, supervisory flexibility for national competent authorities (NCAs), not to enforce the RTS on SCA&CSC to allow issuing and acquiring PSPs to migrate to SCA-compliant approaches and solutions for digital commerce card-based payment transactions.
The Opinion on the deadline for the migration to SCA compliance for e-commerce card-based payment transactions (EBA-Op-2019-11) set the deadline for said supervisory flexibility to December 31, 2020. It also laid out the actions that were to be taken by NCAs, and issuing and acquiring PSPs, during that particular time period.
The Opinion also supported the EBA in its efforts to prepare a Report on the current status of SCA-compliance by issuing and acquiring PSPs – which was reportedly based on consolidated information from PSPs via their NCAs.