EBA plans for online payments alarm retailers

Banks and businesses have expressed concern over proposed European Union (EU) rules that would require “strong customer authentication” (SCA) for all electronic payments made on values over €10 (US$10.50), claiming that requiring additional security information could result in lost online sales of more than €11bn annually.

The new proposed standards have been drawn up by the European Banking Authority (EBA) in response to requirements in the Payment Services Directive (PSD”) with the aim of making online transactions safer for consumers. However, they would also lengthen the process of making an online purchase.

Business groups, credit-card companies and e-commerce associations are concerned that making online purchases too cumbersome could deter customers, while consumer advocates retort that there is no trade-off between antifraud protections and promoting e-commerce.

Reports suggest that the SCA required is most likely to take the form of passwords, one-time codes or using a physical card reader. With the average online retail purchase in Europe in 2016 at around €80, the extra security measures would be applied to most transactions within the EU.

According to payments technology company Visa Europe this would be enough to put €11.2bn of online sales a year at risk, equivalent to around 2% of Europe’s e-commerce market, which is estimated to have totalled more than €510bn last year.

A survey of more than 5,000 adults across Europe, conducted on behalf of Visa, indicated that 61% of consumers would abandon purchases if more steps were added to the online payment process.

At the same time, there is general agreement that online security measures need to be strengthened to protect consumers against online fraud. An 18% increase in the UK’s level of credit card fraud last year was attributable mainly to online purchases.

One alternative to a lengthier checkout process that has been suggested is increasing the use of mobile devices, whose sophisticated technology can collect and combine identifying factors such as the location, manufacturer and operating system, enabling it to become a permanent ID for its owner.

Once a customer is tied to a permanent device ID, organisations can recognise and trust returning devices, enabling buyers to complete transactions faster and more securely.


Related reading