We have carefully selected relevant news stories that you should be aware of from July 2019.
Retailers Unprepared For Upcoming SCA Regulations
23rd July 2019: The UK’s Financial Conduct Authority (FCA) has confirmed its intent to implement Strong Customer Authentication (SCA) in online retail. This will apply to online shoppers spending more than £27 in a single transaction and will require them to relay passwords sent to their mobile phone. However, the change is not welcomed by a group representing shops, which has sent a letter to the FCA warning it of possible negative implications.
The letter states that three-quarters of small online retailers do not have the correct software to allow the two-step verification and that they should be given more time to get ready for the change. The letter also warns that the change will lead to customer confusion, abandoned purchases, a decline of valid transactions and poor customer experiences [Lawyer Monthly].
How to prepare for Strong Customer Authentication (SCA) regulation
9th July 2019: There’s little doubt that web sales represent an ever-increasing revenue channel for most UK retailers.
In fact, eMarketer expected online retail spend to increase by 14.9% in 2018, to almost £96 billion. However, Strong Customer Authentication (SCA) is coming fast and carries the potential to disrupt online retail sales from September onward.
Here, Paul Davidson, project specialist, banking and payments at Expense Reduction Analysts, explains the new regulations and why retailers need to make sure their payment gateway doesn’t become a limiting factor for ongoing sales [Tamebay].
ICO Blog: Live facial recognition technology – data protection law applies
9th July 2019: Any organisation using software that can recognise a face amongst a crowd and then scan large databases of people to check for a match in a matter of seconds is processing personal data.
For the past year, South Wales Police and the Met Police have been trialling live facial recognition (LFR) technology that uses this software, in public spaces, to identify individuals at risk or those linked to a range of criminal activity – from violent crime to less serious offences [ICO].
ICO: Intention to fine Marriott International, Inc more than £99 million under GDPR for data breach
9th July 2019: The proposed fine relates to a cyber incident which was notified to the ICO by Marriott in November 2018. A variety of personal data contained in approximately 339 million guest records globally were exposed by the incident, of which around 30 million related to residents of 31 countries in the European Economic Area (EEA). Seven million related to UK residents.
It is believed the vulnerability began when the systems of the Starwood hotels group were compromised in 2014. Marriott subsequently acquired Starwood in 2016, but the exposure of customer information was not discovered until 2018. The ICO’s investigation found that Marriott failed to undertake sufficient due diligence when it bought Starwood and should also have done more to secure its systems [ICO].
ICO: Intention to fine British Airways £183.39m under GDPR for data breach
8th July 2019: The proposed fine relates to a cyber incident notified to the ICO by British Airways in September 2018. This incident in part involved user traffic to the British Airways website being diverted to a fraudulent site. Through this false site, customer details were harvested by the attackers. Personal data of approximately 500,000 customers were compromised in this incident, which is believed to have begun in June 2018.
The ICO’s investigation has found that a variety of information was compromised by poor security arrangements at the company, including log in, payment card, and travel booking details as well as name and address information [ICO].
We hope that you found the above update useful. Please let us know if there are any topics you want to hear more or less about.