A new system designed to tackle fraud in online shopping has been delayed for 18 months.
Banks and retailers had been expected to introduce a new layer of security from mid-September.
This would normally see a passcode sent to a customer’s mobile phone at the point of checkout for online purchases of £28 or more.
However, following pressure from the industry, the City regulator has effectively granted an 18-month delay.
- Open Banking ‘revolution’ to challenge banks’ dominance
- Want to shop online? Best have a mobile signal
Jonathan Davidson, from the Financial Conduct Authority (FCA), said: “The FCA has been working with the industry to put in place stronger means of ensuring that anyone seeking to make payments is not a fraudster.
“While these measures will reduce fraud, we want to make sure that they won’t cause material disruption to consumers themselves, so we have agreed a phased plan for their timely introduction.”
An estimated £671m was lost to fraud on UK payment cards in 2018, a 19% increase on the previous year.
How would the system work?
An EU directive called Strong Customer Authentification (SCA), to be adopted in the UK, was designed to cut this type of fraud.
If an online shopper spent more than about £28 (€30 under the EU directive) in one transaction, payment providers would be required to ask for an extra form of verification, usually sent as a one-time password by text to a mobile phone. Alternative forms of verification could include a thumbprint on a smartphone or voice recognition.
The same would apply once the shopper had made five separate payments of £28.
Exemptions were also possible, such as if a retailer decided that the purchase was low risk, or the bank could prove to the regulator that it has a good record on fraud.
However, there were strong complaints from retailers, payment providers and banks. which said that the system would slow the customer buying experience, and call into question saved details that allowed one-click transactions.
Consumer groups also questioned how the system could work for people living in areas with a poor mobile signal, who would have difficulty receiving passcodes sent to their phones.
What is happening now?
The FCA, in line with European counterparts, is easing the mid-September deadline.
The regulator said that it would not enforce the rules for a further 18 months, where providers could show evidence that they were “taking steps” to comply with the system.
A lack of preparation, complexity of the system, and the potential impact on consumers were given as reasons for the delay. The FCA will also review the way the system is planned to work.
Analysts said the decision would be met with relief in the affected industries.
Jeremy Drew, co-head of retail at law firm RPC, said: “Retailers are going to be delighted that the FCA is taking a pragmatic approach to enforcement of SCA.
“There has been real concern that some of the security solutions being offered to retailers were going to be so jarring to consumers that they would abandon purchases at the online check-out stage.”