This affects salons and barbershops that take payments on line.
What is Strong Customer Authentication SCA?
From 14 September 2019, new EU rules will start to apply that impact the way in which banks or payment services providers verify their customers identity and validate specific payment instructions. The new rules, called Strong Customer Authentication (SCA), are intended to enhance the security of payments and limit fraud during this authentication process.
In essence, Clients who pay you on line by card will have to provide you an additional piece of information where payment is more than the equivalent of 30 euros. This is additional to their CSV number – for example: a PIN, password, smartphone fingerprint or even face recognition. Banks will start declining the payment if not.
This does not apply to payments taken over the phone.
What’s the latest?
The FCA in August 2019 agreed an 18-month plan to implement SCA with the e-commerce industry of card issuers, payments firm and online retailers. The plan reflects the recent opinion of the European Banking Authority (EBA) which set out that more time was needed to implement SCA given the complexity of the requirements, a lack of preparedness and the potential for a significant impact on consumers.
Jonathan Davidson, Executive Director for Supervision – Retail and Authorisations, said:
‘The FCA has been working with the industry to put in place stronger means of ensuring that anyone seeking to make payments is not a fraudster. While these measures will reduce fraud, we want to make sure that they won’t cause material disruption to consumers themselves; so we have agreed a phased plan for their timely introduction’.
The FCA will not take enforcement action against firms if they do not meet the relevant requirements for SCA from 14 September 2019 in areas covered by the agreed plan, where there is evidence that they have taken the necessary steps to comply with the plan. At the end of the 18-month period, the FCA expects all firms to have made the necessary changes and undertaken the required testing to apply SCA.
The FCA will also continue to monitor the extent to which banks and payment service providers are meeting its expectation that they consider the impact of SCA on different groups of consumers, and provide alternative means of authentication where needed.
What do you need to do?
If you take payments via your website, ensure your payments software provider is geared up for this change; and you may want to add additional information to your website letting your Clients know of the changes.
The latest figures just published by Companies House show an increase of 2% in Accounts being filed late for 2018 .
According to Companies House, 223,640 companies were late to file their accounts, with the worst areas being London, Birmingham and Manchester.
Companies House are stepping up both how quickly they fine companies and chasing them for the money.
Current fines are:
< 1 month late £150
1-3 months late £375
3-6 months late £750
6 months late £1,500
We submit all of our Client’s Accounts for them to Companies House, so they don’t need to concern themselves with these things!
All businesses (including Ltd companies, self-employed sole traders, contractors and partnerships) that process personal data are required to pay an annual data protection fee to the Information Commissioner’s Office (ICO) unless a relevant exemption applies.
As a Salon or Barbershop owner, you should see whether a fee is payable, or whether you are exempt. To do this, you can use the self-assessment tool on the ICO website.
We tried it (as if we were a salon owner) and it pretty much came down to whether CCTV was being used (in which case a fee was payable) and the answer to their question about whether data was only being used for staff admin, accounts records and advertising – if yes, then no fee – but if used for anything else then a fee became payable.
The self assessment tool can be found here and you should try it (only takes 3 minutes):
Page 8 of the ICO guide may also help you think about how you handle your data:
If you do not pay the charge, or you pay the incorrect charge, then you risk action by the ICO and possible fines, so it’s worth doing and keeping a copy of your results from the self-assessment.
Since Saturday 13th January 2018, you are no longer able to add a fee to clients who wish to pay by credit card, debit card or via methods such as PayPal.
The new rules stem from the EU Payment Services Directive, which lays out the changes EU governments must make by 13 January 2018. This mean the new rules will be put into UK law – and so will continue to exist even after Brexit.
If you have any questions, let us know!