Online Shopping Anti-Fraud System Delayed by 18 Months


August 2019

Online Shopping Anti-Fraud System Delayed by 18 Months

Requirements that online shoppers enter a passcode sent to their mobile phones have been delayed until the beginning of 2021, to give retailers and banks more time to prepare.

Strong Customer Authentication (SCA) was due to be implemented, following an EU directive, on September 14. But banks, payment providers, and retailers reportedly aren’t ready to launch the anti-fraud system and along with consumer groups had raised concerns about customers without mobile phones, or living in mobile signal black spots, being locked out of online shopping.

Following pressure from the industry, the Financial Conduct Authority (FCA) has announced an 18 month extension for providers who can demonstrate they are taking steps to implement the system.

Under the scheme, designed to enhance the security of payments and prevent fraud, customers spending more than £28 (or €30) in a single online transaction will be required to provide an extra level of authentication. This will usually entail entering a one-time password sent by text to their mobile phone but could also involve voice recognition or a thumbprint check on a smartphone.

The same requirements will also apply once customers have made five separate transactions totalling £28.

However, retailers warned that the system could cause chaos and confusion for online shoppers, especially if implemented before the industry and the public are ready.

The British Retail Consortium predicts that 25-30% of online purchases may fail following implementation of the system. It had also warned that an estimated 75% of retailers are unaware the system was being imposed by the FCA in September, in advance of the EU directive’s 2020 deadline, and said consumers were also unaware of the changes.

Groups representing retailers wrote to the FCA in July warning that the system would lead to “abandoned purchases, decline of valid transactions and poor customer experiences”.

The letter noted that small online vendors would be hit hardest, with three-quarters lacking the software needed for two-factor authentication. The letter requested a delay in enforcement, which the regulator has now granted.

"The FCA has been working with the industry to put in place stronger means of ensuring that anyone seeking to make payments is not a fraudster,” said Jonathan Davidson, director of retail supervision and authorisations at the FCA. "While these measures will reduce fraud, we want to make sure that they won't cause material disruption to consumers themselves, so we have agreed a phased plan for their timely introduction."

Last year an estimated £671 million was lost to fraud on payment cards, a 19% increase on the previous year.

Analysts expected the delay in enforcement to be welcomed with relief in the industry.

Jeremy Drew, co-head of retail at law firm RPC, said: "Retailers are going to be delighted that the FCA is taking a pragmatic approach to enforcement of SCA. There has been real concern that some of the security solutions being offered to retailers were going to be so jarring to consumers that they would