The Bank of Greece will provide a phase-in period for compliance with the strong customer authentication (SCA) requirements of Commission Delegated Regulation (EU) 2018/389 in card e-commerce transactions
26/08/2019 - Announcements
The EU’s Second Payments Directive (PSD2), transposed into Greek law by Law 4537/2018, and Commission Delegated Regulation (EU) 2018/389 on regulatory technical standards for strong customer authentication and common and secure open standards of communication (RTS on SCA and CSC), require payment service providers (credit institutions, payment institutions, electronic money institutions, merchants, card schemes) to have in place solutions that support strong customer authentication (SCA) by 14 September 2019, for the purpose of ensuring secure online access to accounts and initiation of electronic payments by customers.
The Bank of Greece, recognising the complexity of the required changes in the field of e-commerce card payments and taking into account the nature and number of stakeholders (card schemes, payment service providers, IT service providers, e-merchants, payment service users), will provide a short and controlled phase-in period for the relevant entities to comply with the RTS SCA requirements beyond the deadline of 14 September 2019. The phase-in period shall only apply to the category of e-commerce card payments. This decision of the Bank of Greece is aimed to minimise the risk of unintended disruptions in the sensitive industry of e-commerce and follows the recent Opinion of the European Banking Authority (EBA) of 21 June 2019, which allows national competent authorities to extend the deadline for RTS SCA implementation.
Given the cross-border nature of this type of payments, the Bank of Greece will adopt the EU-wide time frame to be specified by EBA (following the collection and processing of individual national data) and to be announced during the last quarter of this year. Entities supervised by the Bank of Greece that wish to make use of the phase-in period shall be required to submit to the Bank of Greece a detailed migration plan in line with the time frame to be indicated by EBA. The plan shall include, among other things, the entity’s planned communication initiatives aimed to inform merchants and users (consumers and businesses).