Implementation period for Strong Customer Authentication (SCA) for online card payments

Tuesday, 24 December 2019

The Central Bank of Cyprus announced on 2 September 2019, that, in line with the EBA Opinion on elements of SCA under PSD2, it would grant a limited migration period to card issuers and acquirers for the purpose of adequate preparations for the introduction of SCA in remote electronic card transactions.

On 16 October 2019, the EBA published an opinion on the deadline for the migration to SCA for e-commerce card based payment transactions, indicating 31 December 2020 as the deadline for completing migration plans. In view of the EBA Opinion, the Central Bank of Cyprus does not intend to take supervisory enforcement action against licensed institutions which have not implemented SCA in remote electronic card transactions by 31 December 2020, provided that these institutions have submitted a migration plan to the Central Bank of Cyprus. Relevant communication has been sent directly to licensed institutions.

It is emphasized that the 14 September 2019 remains as the legal deadline for SCA implementation and therefore the risk associated with the failure to use SCA that is compliant with Regulation (EU) 2018/389 after this date is fully borne by payment service providers, in line with the provisions of Article 74 of The Payment Services and Access to Payment Systems Laws of 2018 and 2019.