On 29 November 2019, Bank of Italy has issued a press release where it announced that it will grant an adjustment period until 31 December 2020 to comply with the PSD2 strong customer authentication (SCA) requirement for remote card transactions (as transposed within Italian law).
This press releases follows the European Banking Authority (EBA) Opinion of 16 October 2019, in which the EBA "recommended" a consistent deadline throughout the EU/EEA, namely 31 December 2020, for card issuers and acquirers to comply with the SCA requirements for remote card-based payments (see our client alert here).
Issuer and acquirers will therefore be contacted by Bank of Italy for them to explain their detailed transition plan, including communication and customer preparation initiatives (i.e. both on the cardholder side as well as on the merchant side), to be completed in any case before the end of the adjustment period.
Bank of Italy indicated in its press release that it will carefully monitor how issuers and acquirers comply with their migration plans, given the importance of strengthening the security of online card payments / preventing fraud.