Communication to the payments industry on strong customer authentication (SCA) from 14 September 2019

Monday, 2 September 2019

With reference to the Payment Services and Access to Payment Systems Laws of 2018 and 2019, transposing Directive (EU) 2015/2366 (‘PSD2’), the relevant provisions of the Commission Delegated Regulation (EU) 2018/389 of 27 November 2017 (the Regulatory Technical Standards on Strong Customer Authentication and Common and Secure Open Standards of Communication) as well as the Opinion of the European Banking Authority - EBA on elements of SCA published on 21 June 2019 examining possible transition problems due to concerns about the payment industry’s readiness to comply with the requirements of SCA for e-commerce transactions (online card payments), the Central Bank of Cyprus (CBC) wishes to state the following:

In line with the aforementioned Opinion, the CBC intends to grant to regulated entities (i.e. card issuers and acquirers) which currently support a non-reusable and non-replicable element for online card transactions (e.g. OTP), a limited migration period for the purpose of adequate preparations for the introduction of SCA in remote electronic card transactions. The extent of this period has not yet been determined by the EBA. In this respect, the CBC is in communication with the EBA.

Stakeholders will be informed about the migration period’s duration in due course. Following this, affected card issuers and acquirers will have to draw up a detailed migration plan and submit it to the CBC.