The Danish Financial Supervisory Authority extends the deadline for implementing Strong Customer Authentication by 18 months

However, the extension does not change that the rules on strong customer authentication will enter into force on September 14, 2019.
News
IT and Technology

The Danish Financial Supervisory Authority (FSA) has chosen to allow an extended period of 18 months to 14 March 2021 to implement the new rules on strong customer authentication (SCA) in Denmark. The extension only applies to credit card payments on the Internet. The longer implementation period shall ensure that the transition to the new rules does not have a disruptive effect on Danish e-commerce.

The decision of the Danish FSA to extend the implementation period of the EU rules on strong customer authentication (including requirements for two-factor authentication for e-commerce) is made on the basis of an opinion of the European Banking Authority (EBA) which concludes that the entire e-commerce has trouble getting ready for the new rules in time.

The Payment and Liability Rules of the Payment Act remain in full force and effect

The Danish FSA emphasizes that the extended implementation period does not change the fact that the rules on SCA will come into force on September 14, 2019, although two-factor authentication will not become mandatory until March 14, 2021.

This is among other things relevant to the payment and liability rules of the Payment Act, where companies may be liable in fraudulent payments, if strong customer authentication is not used.

Below, you can read more about the importance of the new rules in the Payment Council's opinion as of June 2019, which was published before the implementation period was extended, and the press release from the Danish Financial Supervisory Authority here.

Lund Elmer Sandager’s Comments

With the extended implementation deadline for the requirement for strong customer authentication, companies that offer online payment have been given more time to get technically ready for the new EU rules. As the Payment and Liability Rules of the Payment Act still apply, and as the extension period does not change the strong customer authentication rules coming into force on September 14, 2019, we recommend that Online businesses implement a two-factor authentication on e-commerce platforms as quickly as possible.

Questions about the new EU Rules?

Avoid that your payment service becomes a burning platform and stay focused on the new EU rules on strong customer authentication. We are closely following the developments in this area and are ready to help with questions about the new rules and implementation hereof.

If you need help to ensure that you comply with the rules, you are always welcome to contact Attorney Anders Linde Reislev in Lund Elmer Sandager's IT law department.

Read the Payments Council's opinion here.