What has happened?
Last week, the European Banking Authority (EBA) published an opinion and related press release on the deadline and process for completing the migration to strong customer authentication (SCA) for e-commerce card-based payment transactions under PSD2.
What does this mean?
The opinion sets a deadline of 31 December 2020.
The EBA prescribes the milestones and expected actions to be taken by national competent authorities (NCAs) during the migration period in two tables, one relating to issuing PSPs and one to acquiring PSPs.
The EBA is of the view that the deadline should be sufficient for issuing PSPs, acquiring PSPs and their merchants to migrate to SCA-compliant approaches and solutions.
The EBA recommends that NCAs explain to PSPs that the supervisory flexibility exercised does not mean a delay in the application date of the SCA requirements.
Instead, it means that NCAs will focus on monitoring migration plans rather than taking enforcement action against non-compliant PSPs.
The opinion also recommends that NCAs remind PSPs that the PSD2 liability regime still applies and that they therefore remain liable for unauthorised payment transactions.
For a comprehensive and interactive look at all European and UK legal provisions relating to PSD2, together with latest news and insight from the Hogan Lovells Team, take a look at our PSD2 Toolkit.
Authored by Jonathan Chertkow, Emily Reid, James Black, Julie Patient and Virignia Montgomery