The German Federal Financial Supervisory Authority (BaFin) will allow payment service providers domiciled in Germany to execute credit card payments online without strong customer authentication (SCA) as a temporary measure after 14 September 2019. Pursuant to a press release published on 21 August 2019, BaFin will not object to such transactions for the time being in order to prevent disruptions to online payment processes.

Based on the second European Payments Services Directive (PSD2), starting from 14 September 2019, payment service providers have to apply SCA where the payer initiates an electronic payment transaction. SCA is an authentication based on two independent elements derived from two of the three categories knowledge (something only the user knows), possession (something only the user possesses) and inherence (something the user is). Details are set out in regulatory technical standards (RTS) on SCA and common and secure communication adopted by means of Commission Delegated Regulation (EU) 2018/389.

The SCA requirements will also apply to credit card payments made online. However, the current standard method of authentication by means of the credit card number and the “Card Verification Value” number does not meet such requirements.

The European Banking Authority (EBA) published an opinion on the elements of SCA under PSD2 on 21 June 2019 (cf. the relating publication in the blog). EBA acknowledged the challenges by the introduction of SCA and allowed the national competent authorities to grant limited additional time.

On that basis, BaFin has now decided to temporarily refrain from applying the SCA requirements for online credit card payments (only). The German regulator considers companies making use of online credit card payments as recipients as not sufficiently prepared. An expiry date of this relief measure will be determined by BaFin in cooperation with EBA and the other national competent authorities after consulting affected market participants. In the meantime, BaFin expects the market participants to adjust their infrastructures as soon as possible and to develop migration plans for this purpose.