The European Union's second Payment Services Directive (PSD2) and the related regulatory technical standards set 14 September as the deadline for the mandatory adoption by banks and other payment service providers of strong customer authentication systems, based on the use of at least two factors (e.g. password, biometric identification, smartphone certificate, etc), so that customers may access their online accounts and carry out online payments in relative security.

The adjustments, however, are complex and especially significant for card-based online payments. On 21 June 2019 the European Banking Authority (EBA) afforded the competent authorities of EU states the option of providing additional time beyond the 14 September deadline to allow all interested parties to finalise everything and to adopt the new authentication instruments, exclusively in relation to the aforementioned payment category.

The Bank of Italy, for one, has decided to provide the Italian financial industry with extra time. The next deadline is to be announced by the EBA. The UK's Financial Conduct Authority agreed last Tuesday to give the payments and e-commerce industry more time also - in its case, 18 months. It will not take enforcement action against firms if have not already met the relevant requirements for Strong Customer Authentication or SCA.