Dáil Éireann Debate, Tuesday - 8 December 2020
177. Deputy Ged Nash asked the Minister for Finance if the Central Bank will be enforcing the guidelines for the Payment Services Directive 2 from 1 January 2021 in view of the fact that it will apply for strong customer authentication for online transactions; if there will be no disruption to online commerce from 1 January 2021 as a result of the new requirements; and if he will make a statement on the matter. [41260/20]
View answer178. Deputy Ged Nash asked the Minister for Finance if online transactions involving a bank will be declined if the retail bank does not comply with the Payment Services Directive 2 in relation to strong customer authentication for online transactions from 1 January 2021; and if he will make a statement on the matter. [41261/20]
View answer179. Deputy Ged Nash asked the Minister for Finance if the Central Bank will be giving a further extension to banks in relation to the new strong customer authentication requirements under the Payment Services Directive 2 in view of the fact that the previous 15 month extension agreed by the European Banking Authority is due to expire at end of 2020; and if he will make a statement on the matter. [41262/20]
View answer181. Deputy Ged Nash asked the Minister for Finance if he or his officials have met with the BPFI in relation to the strong customer authentication requirements under the payment services directive requirements in 2020; if he has received assurances from all retail banks that there will be no disruption as a result of the new requirements on 1 January 2021; if he is satisfied that all retail banks will be ready to implement strong customer authentication on 1 January 2021 without any disruption to online commerce; and if he will make a statement on the matter. [41264/20]
View answerI propose to take Questions Nos. 177, 178, 179 and 181 together.
The revised Payment Services Directive (PSD2) of 2015 introduced strong security requirements for the initiation and processing of electronic payments, which apply to all payment service providers (PSPs). This approach is intended to reduce the risk of fraud for all types of electronic payments (especially online payments) and to protect the confidentiality of the user’s financial data.
PSPs are obliged to apply strong customer authentication (SCA) when a payer initiates an electronic payment transaction. SCA under PSD2 requires the customer to go through two-factor authentication made up of elements from two of three separate categories: knowledge, possession, and inherence. SCA is a combination of something you know (a password or PIN), something you have (a card reader or token generator) and something you are (a fingerprint).
The European Banking Authority (EBA) was tasked with developing standards for strong customer authentication and secure communication. These standards were published on 13 March 2018 and came into effect from 14 September 2019.
In an Opinion published on 16 October 2019 the EBA set the final deadline for full compliance with SCA requirements at 31 December 2020. The EBA felt that this time should be sufficient for issuing and acquiring payment service providers and their merchants to migrate to SCA-compliant approaches and solutions.
Following the outbreak of Covid-19 earlier this year industry bodies from across the EU, including the Banking and Payments Federation of Ireland (BPFI), wrote to the EU Commission and the EBA seeking a further extension to the deadline for compliance with the SCA requirements. They outlined that Covid-19 was clearly having an impact on all sectors of the EU economy and that industry was unlikely to be able to meet the current deadline of 31 December 2020 for SCA migration.
Where a regulated payment service provider (PSP) is in a position to implement the requirements with effect from 1 January 2021, the Central Bank expects them to do so, in a manner that does not cause customer detriment.
Through engagements with regulated PSPs on the progress of their SCA migration plans, the Central Bank is aware of some issues around the full implementation of SCA by 31 December 2020. The Central Bank has communicated to these PSPs that they are required to implement the Requirements as soon as possible in a manner that does not cause customer detriment.
As the deadline for SCA implementation approaches, Department officials will continue to work with the Central Bank and BPFI to minimise payment disruption experienced by consumers and merchants.
