In line with the decision taken on European Union level, the Central Bank of Hungary provides the Hungarian financial sector with additional time to adopt strong customer authentication procedures for card-based online transactions.
Based on the revised Payment Services Directive (PSD2) and the related regulatory technical standards for strong customer authentication and common and secure open standards of communication (SCA RTS), banks and other pay-ment service providers are obliged to apply strong customer authentication as of 14 September 2019. The regulation requires that at least two authentication factors (e.g. password, fingerprint, smart phone certificate) are necessary to ensure that the payment service users access their payment accounts and initiate payment transactions in a safe and secure way.
Considering the complexity of the legislation especially in case of card-based online transactions and the number and nature of stakeholders involved, the European Banking Authority in its opinion published on 21 June 2019, set out that the national competent authorities are allowed to provide the payment service providers more time to finish the ongoing IT developments and implement the new authorization procedures at online card payments.
The Central Bank of Hungary concluded several discussions with the market players involved – including banks, inter-national card companies and the Hungarian E-commerce Association – to determine if any additional time could miti-gate the related risks and prevent disruptions in completion of e-commerce payment transactions.
Based on the discussions the Central Bank of Hungary decided to provide the domestic market players an additional 12 months period to comply with the requirements of strong customer authentication in case of e-commerce transac-tions. Payment service providers shall submit detailed migration plans to the Central Bank of Hungary which will be followed-up on a continuous basis and payment service providers shall also notify merchants and cardholders accordingly.
In the migration period, payment service users can use their payment cards in Hungary and abroad in the current way without applying strong customer authentication. The liability rules of the Payment Services Act ensure that the risks related to the online card payments shall not increase and they also settle the liability questions between the payment service providers.
Magyar Nemzeti Bank