Strong Customer Authentication - **Now delayed** changes to online verification

The September deadline is somewhat up in the air at the moment, at least for e-commerce card payments.

There are three elements to authentication under SCA and the banks must use two of them. The three elements are a) something you are, b) something you possess and c) something you know.

Up until recently, it was assumed that an OTP would count as something you know, but the EBA recently threw a spanner in the works by stating that this was not the case.

In response to this the FCA had the following to say:

“…the FCA recognises the challenges in meeting this deadline and has been working with the industry to develop a plan to migrate the industry to implement SCA for card payments in e-commerce as soon as possible after this”.

If you google “EBA SCA opinion” you’ll find more details, though be warned, it’s not the most exciting read.

Not sure how extensive you want the list to be, but tandem credit cards are already using an OTP to mobile when making purchases online.

But given it’s app only, everybody who has it will by definition have a mobile so won’t be a barrier.

eskbanker wrote: »

Happy to add info in if supported by a link?

Probably doesn’t make the cut for authoritative info on here from the FAQs looking like a community blog https://intercom.help/tandembank/en/articles/1978234-online-purchases

But the first 3 transactions I’ve done online (I’ve only just got the card) have all sent a passcode to my mobile.

Capital One (capitalone.co.uk) credit cards will send OTP to EITHER mobile or landline, which is fine. Why can't others do it?