- Upcoming SCA regulations will require bank customers to verify themselves with 2FA during online banking.
- That means some banks will require users to own a smartphone.
- The regulations will take effect in the U.K. and European Union.
Share this article
By the end of 2020, European banks will enforce Strong Customer Authentication (SCA), a regulation that could require users to own a smartphone if they want to make use of online banking.
SCA Will Require 2FA
Under SCA, bank customers will need to verify themselves with two-factor authentication (2FA) to perform online transactions.
That means users will need more than a password or PIN. They will also need to enter a one-time security code, scan their fingerprint, or use facial recognition. Most verification methods require users to own a smartphone with SMS or 2FA app support.
That could be a problem for the 18% of British citizens that don’t own a smartphone, who could effectively be cut off from online banking.
By requiring users to own smartphones, banks will also coerce users into smartphone surveillance, which is reaching new heights with Apple and Google’s decision to push contact tracing to all devices, combined with previous tracking systems.
Customers Already Affected
SCA deadlines have been repeatedly delayed, and current deadlines range from late 2020 to mid-2021. However, an ongoing rollout means that some bank customers have already noticed changes.
One Guardian reader reports that Santander began to enforce SCA this year; another says that HSBC started to implement the policy in 2019. Other banks that only support smartphone verification include Danske Bank, Monzo, Starling, and Triodos.
Services in the United States and elsewhere do not need to comply with SCA. However, other countries, such as India, Mexico, and Australia, have similar policies underway. Given a worldwide focus on security and information sharing, it seems likely that similar regulations will make their way to other countries.
Loss of Financial Freedom
Though voluntary 2FA is a beneficial security feature, mandatory SCA regulations can only restrict user freedom and prevent people from spending their money as they see fit.
The vast majority of online transactions would require 2FA. According to experts at Stripe, SCA applies to “customer-initiated online payments within Europe,” meaning that “most card payments and all bank transfers require SCA.”
There are a few exceptions, including merchant-initiated transactions, recurring payments, and small transactions are all exempt from SCA regulations. Furthermore, some banks may offer low-tech verification alternatives such as landline calls or in-branch verification codes.
However, these exceptions may not be commonplace.
Can Crypto Solve the Problem?
Bitcoin and other cryptocurrencies allow users to spend their funds freely. Cryptocurrency users can set up 2FA wallet security if they want to, but that feature cannot be forced upon them; all users are responsible for their own security.
At the same time, the crypto ecosystem relies heavily on exchanges and payment processors. Those companies are typically subject to the same regulations that other financial services are subject to, and European exchanges will almost certainly need to comply with SCA.
The situation is comparable to rising KYC enforcement, under which users are required to identify themselves before buying Bitcoin. Though BTC transactions are unregulated, it is hard to buy and sell Bitcoin without revealing one’s identity for regulatory reasons.
In short: cryptocurrency could provide freedom from SCA and other restrictive regulations, but online commerce has not necessarily reached a point where that is practical.