EURACTIV reports that 27 companies and industry groups have co-signed a letter urging the European Commission to reconsider the upcoming online payment regulation proposal. The revised Payment Services Directive (PSD2) enters into force on 13 Jan 2018, and it aims to foster a pan-European digital payments landscape, with better competitiveness and customer protection.
Companies such as Expedia, Airbnb and Amazon are represented by these groups.
The organisations worry that in a bid to ensure maximum fraud security for customers, the shaky balance between convenience and transaction safety has been eroded. The new Directive requires all transactions above €30 to undergo mandatory two-factor Strong Customer Authentication (SCA). These devices are tokens or card readers used to verify the user’s identity.
Ecommerce Europe opines that this requirement places unnecessary hurdles on online transactions, which harms the convenience of the users and the livelihood of online marketers, who depend on simplicity of transactions.
They stress that the extra clicks required to confirm a purchase could turn customers away from buying altogether and harm the economy.
The issue is further exacerbated by the fact that banks can decide whether SCA will be used for smaller amounts at their sole discretion, instead of the online service. The groups feel that they have valuable information about the customers’ behaviour, just like banks do, and that they too should be included in the risk assessment process.
The groups argue universal strong customer authentication requirements could result in discrimination against customers, since the proposed solution is not ‘technologically neutral’.
The organisations instead propose the use of Transaction Risk Analysis (TRA). Their proposal would allow purchases larger than €30 go through if they are deemed low-risk depending on several pre-defined criteria and use patterns. Regular customers would, for example, be exempt from verifying their €100 online purchases from a store they buy from regularly. The risk assessment would be based on the sellers’ own fraud risk analyses.
Their pleas have gone unanswered by the European Commission, however, and the implementation will go as planned. The previous revision was even stricter, by mandating a €10 maximum for non-authenticated purchases.
Total fraud levels in the EU are on the rise. The European Central Bank reports that about 0.02% – two in a thousand – of all transactions are fraudulent. More than 70% of those are the card-not-present transactions, such as those performed online. The total cost of these transactions amounts to about €1.8 billion across 18 European countries. France and the UK are the countries with the highest levels of fraud.
Despite the relatively low levels of card fraud across the EU, it’s not expected that the EC will budge to the lobbyists’ demands. The goal of protecting the consumers against massive fraud takes precedence in the eyes of the lawmakers, in spite of the lobbyists’ warnings.