Statement from the Danish FSA regarding SCA in the light of the opinion from the Danish FSA

By Shane Barber, Scott McInnes, Constance Eckhardt Descout, Ivan Sagál, Annette Printz Nielsen, Kristiina Lehvilä, Cathie Rosalie Joly, Dr Michael Jünemann, Michelle Chan, Konrad Siegler, Stefano Febbi, Karen Berg, Slawomir Szepietowski, Kim Kit Ow, Adrian Calvo, José Luis Lorente Howell, Hans Svensson,


The Danish FSA (DFSA) has just issued a statement following the EBA's opinion of 21 June 2019 on Strong Customer Authentication (SCA).

The DFSA emphasises that the EBA's opinion does not affect the deadline of 14 September 2019 for SCA compliance. Consequently, the DFSA indicates that it still expects that all Danish card issuers and acquirers comply with the SCA requirements by no later than 14 September 2019.

However, the Danish card issuers and acquirers that have implemented, or are in the process of implementing, an authentication solution based on card details (not a strong element, according to the EBA) and an OTP sent by SMS (a "something only you have" element, namely the SIM card stored in the phone) may benefit from a specific agreement with the DFSA to continue to apply such authentication solution after 14 September 2019. This requires a specific migration plan ensuring implementation of authentication solutions in accordance with the EBA's opinion. Such plans are subject to approval by the DFSA, and card issuers who would like to benefit from such approval are encouraged to contact the DFSA as soon as possible.