Question to the HM Treasury:

To ask the Chancellor of the Exchequer, what steps he has taken to ensure that people who do not possess a smart mobile phone capable of identity verification are not discriminated against when online banking.

Regulatory technical standards, known as Strong Customer Authentication (SCA), have been introduced across retail banking and payment services. These rules aim to ensure that the person requesting access to their account, or trying to make a payment, is either the account holder or someone to whom they have given consent. The Financial Conduct Authority (FCA) is responsible for supervising and enforcing the SCA technical standards. The FCA has a duty to regularly review these technical standards, and also has the power to amend them, subject to Treasury approval.

FCA guidance expects firms to develop SCA solutions that work for all types of customer, encouraging firms to consider their impact on different groups as part of the design process, particularly those with protected characteristics. The FCA guidance also recognises that not all customers will have mobile phones or reliable mobile signal, and that payment service providers must therefore provide a viable means to authenticate customers in these situations. For example, this could include the creation of a one-time password through a piece of equipment called a token generator, or by providing a one-time password via a landline.

The FCA’s guidance (specifically paragraph 20.22) can be found online at the following location:

https://www.fca.org.uk/publication/finalised-guidance/fca-approach-payment-services-electronic-money-2017.pdf

Further information about the introduction of SCA can be found on the FCA’s website:

https://www.fca.org.uk/consumers/strong-customer-authentication