The Danish FSA (DFSA) has just issued a statement following the EBA's opinion of 21 June 2019 on Strong Customer Authentication (SCA).

The DFSA emphasises that the EBA's opinion does not affect the deadline of 14 September 2019 for SCA compliance. Consequently, the DFSA indicates that it still expects that all Danish card issuers and acquirers comply with the SCA requirements by no later than 14 September 2019.

However, the Danish card issuers and acquirers that have implemented, or are in the process of implementing, an authentication solution based on card details (not a strong element, according to the EBA) and an OTP sent by SMS (a "something only you have" element, namely the SIM card stored in the phone) may benefit from a specific agreement with the DFSA to continue to apply such authentication solution after 14 September 2019. This requires a specific migration plan ensuring implementation of authentication solutions in accordance with the EBA's opinion. Such plans are subject to approval by the DFSA, and card issuers who would like to benefit from such approval are encouraged to contact the DFSA as soon as possible.


 

Authors

Shane Barber

Shane Barber

Managing Partner
Australia

Call me on: +61 2 9226 9888
Ivan Sagál

Ivan Sagál

Partner
Czech Republic/Slovak Republic

Call me on: +420 226 030 500
Lehvila Kristiina

Kristiina Lehvilä

Senior Counsel
Finland

Call me on: +358 (0)9 622 6670
Karen Berg

Karen Berg

Counsel
Netherlands

Call me on: +31 (0)70 353 8800
Sławomir Szepietowski

Sławomir Szepietowski

Managing Partner
Poland

Call me on: +48 22 583 79 00
Ow_KimKit_WEB

Kim Kit Ow

Partner
Singapore

Call me on: +65 6534 5266