- This progress coincided with a significant reduction of the volume
and value of fraud, for the same type of transactions and the same time
period.
- Payment service providers (PSPs) in some jurisdictions are still lagging behind on some indicators.
The European Banking Authority (EBA) published today a Report
on the data provided by PSPs on their readiness to apply SCA for the
subset of payment transactions that are e-commerce card-based payment
transactions. The Report highlights the status of issuing and acquiring
PSPs in enrolling online merchants, payment cards and payment service
users (PSUs) into SCA-compliant solutions, and in requesting SCA for
online payment transactions after 31 December 2020, when the SCA
migration period ended.
The EBA tracked the progress made by issuing and acquiring PSPs from
September 2019 to April 2021 by monitoring a number of indicators that
had been set out in the EBA Opinion of 2019 on the deadline for the migration to SCA compliance for e-commerce card-based payment transactions.
Based on the data collected from those PSPs, the EBA observed that
significant progress has been made with regard to SCA -compliance, as
highlighted by the following key indicators:
- 99% of EU merchants are able to support SCA;
- 94% of all payment cards in the EU are SCA-enabled;
- 82% of all PSUs are enrolled into an SCA solution;
- 92% of e-commerce card-based authentication requests reported by acquirers are compliant with the SCA requirements; and
- 87% of initiated e-commerce card-based payment transactions reported by issuers are compliant with the SCA requirements.
This progress also coincided with a significant reduction of the
volume and value of fraudulent e-commerce card-based payment
transactions in the EU over the same period.
Finally, the Report notes that there are still PSPs in some
jurisdictions that are lagging behind others in enabling SCA on their
payment cards, enrolling PSUs to SCA-compliant authentication solutions
or initiating SCA-compliant transactions.
Legal basis and background
The regulatory technical standards (RTS) on SCA and common and secure
communication (CSC) underpin the new security requirements under the
revised Payment Services Directive (PSD2) and have applied since 14
September 2019. These requirements were introduced to decrease the risk
of payment fraud and to ensure the safety of payment service users’
funds and personal data.
In June 2019, with its Opinion on the SCA elements (EBA-Op-2019-06),
the EBA granted, on an exceptional basis, supervisory flexibility for
national competent authorities (NCAs), not to enforce the RTS on
SCA&CSC to allow issuing and acquiring PSPs to migrate to
SCA-compliant approaches and solutions for e-commerce card-based payment
transactions.
The Opinion on the deadline for the migration to SCA compliance for
e-commerce card-based payment transactions (EBA-Op-2019-11) set the
deadline for said supervisory flexibility to 31 December 2020 and set
out the actions to be taken by NCAs, as well as by issuing and acquiring
PSPs, during that period. The Opinion also envisaged for the EBA to
develop a Report on the status of SCA-compliance by issuing and
acquiring PSPs based on consolidated information provided from PSPs
through their NCAs.