The UK is one of just three countries that has declined to sign up to new European guidelines designed to make online payments more secure.
The new European Banking Authority (EBA) guidelines will come into effect from 1 August, requiring firms to have certain standards, such as one-time security details, for customers making internet payments.
Dirk Haubrich, head, consumer protection, financial innovation and payments, EBA, says: "This work will ensure increased confidence in internet payments for consumers and firms in the EU, and is aimed at allowing this sector of the payments market to continue to grow."
While 24 national authorities have signed on and two have promised partial compliance, three countries - Estonia, Slovakia and the UK - have not.
The UK's Financial Conduct Authority says that it "does not have the power without legislative change to make binding rules requiring all payment service providers (credit institutions, payment institutions and e-money institutions) to comply with the EBA Guidelines".
The FCA insists that it is "supportive" of the EBA's objectives and is considering issuing its own guidance to payment service providers.
The EBA guidelines are being introduced as a stopgap and will be superseded by the upcoming revised Payments Services Directive (PSD2) in 2018/19. The FCA notes that it requires compliance with the SecuRe Pay Recommendations that are in place for PSD2 transposition.