The UK's Financial Conduct Authority will delay the planned introduction of mandatory two-factor authentication for higher-value electronic payments by 18 months in order to give providers more time to prepare for the technical change.

The FCA described the delay as a "plan for a phased implementation" which "gives the payments and e-commerce industry extra time to implement Strong Customer Authentication (SCA)."

iStock
iStock

The rules, which were due to come into place in September, officially fall under the Secure Customer Authentication (SCA) section of the Second Payment Services Directive (PSD2), which came into force in January 2018. The European Banking Authority (EBA) only issued clarity on the technical standards required in June 2018 however.

It will eventually mean a customer will need to authenticate any online purchases of £28 (€30) or more, most likely by entering a passcode sent to their mobile phone or via a biometric check. The intention is to combat online fraud, which rose by 19 percent to £671.4 million on UK-issued cards last year, according to UK Finance.

Read next: Find out more about the technical requirements, key benefits and concerns of Open Banking

The FCA had been coming under mounting industry pressure to delay the rules, with the EBA recently asserting that more time would be needed to implement SCA, with fears of disruption and loss of faith in the system from consumers if the rollout was in any way problematic.

Jonathan Davidson, executive director for supervision of retail and authorisations at the FCA, said in a statement: "The FCA has been working with the industry to put in place stronger means of ensuring that anyone seeking to make payments is not a fraudster. While these measures will reduce fraud, we want to make sure that they won’t cause material disruption to consumers themselves; so we have agreed a phased plan for their timely introduction'.

Read next: How little-known startup OCL plans to verify UK porn watchers

Commenting on the news, Jason Tooley, chief revenue officer at customer authentication specialist Veridium, said: “Financial institutions and payment service providers have had nearly two years to prepare since the initial announcement, and there is no valid excuse for the delay in its enforcement apart from an unwillingness to participate."