Danish regulator sets longer implementing period for customer authentication rules
Chris Hamblin, Editor, London, 5 September 2019
The Danish Financial Services Authority has chosen to extend its deadline for compliance with its new rules regarding "strong customer authentication" by an additional 18 months. The extension only applies to card payments on the Internet.
The idea for the delay is to avoid major disruptions to Danish e-commerce. On 14 September, new European Union rules for strong customer authentication (two-factor authentication) will take effect when electronic payments happen. A couple of months ago, the European Banking Authority (EBA) wrote that it expected financial institutions to have trouble complying, especially in e-commerce and said that national regulators ought to be allowed to give the market some extra time to implement the new rules.
Since then, the Danish FSA has spoken to practitioners and does not think that it will be able to enforce the new rules by 14 September without causing 'far-reaching' trouble for Danish e-commerce. Many businesses and so-called payment gateways that provide IT to the e-shops have not been able to make the software work. The new date is 14 March 2021. Card issuers, card acquirers and e-commerce firms now have a reprieve, although the regulator does want to set up some as-yet unspecified 'operational milestones' along the way.