15 December 2017
visit www.avoka.com

Visa slams European plans for stronger online transaction authentication rules

22 November 2016  |  12490 views  |  7 Online Shopping

Visa has lashed out at European Banking Authority (EBA) plans to toughen up authentication rules for online transactions over EUR10, claiming that they will lead to more declined transactions, complicated checkouts and abandoned purchases.

In January the EBA will publish its final proposed standards in response to the requirements of the Payment Services Directive, which mandates strong customer authentication (SCA) for all electronic payments.

SCA means that for every transaction over EUR10, online shoppers will have to go through additional steps - such as entering passwords, codes or using a card reader - at checkout.

Visa says that this means the end of the kind of one-click checkouts seen at sites such as Amazon and no more fast, automatic in-app payments where cards are already stored.

With Visa data showing that, across Europe, express online checkouts currently make up half of all today’s total e-commerce sales, the card giant says the changes will prove a massive setback for retailers and shoppers.

The firm has commissioned a survey which shows that just over half of Brits would abandon purchases if more steps are added to the checkout process.

International websites selling to European consumers will also have to follow the new rules or purchases will be automatically declined. Meanwhile, we could also see longer queues and issues using cards at places like toll booths and parking where PINs are not required today.

Peter Bayley, chief risk officer, Europe, Visa, says: "These new proposals threaten to seriously disrupt the way we all shop. The plans will bring a host of complications and inconveniences including more declined transactions and longer and more complicated checkout experiences with little if any benefit to consumers.

"Managing payments is always about balancing security and convenience. If you tip the balance too far one way, you end up making it either too difficult or too risky for consumers to make purchases wherever, whenever and on whatever device they want. Either way it annoys consumers and damages businesses’ potential to sell their goods and services."

Bayley says that there is not even any evidence that the SCA rules will cut fraud, claiming that the current risk-based authentication system works, with fraud on Visa cards at less than five cents in every EUR100 spent.

Comments: (7)

A Finextra member
A Finextra member | 22 November, 2016, 21:25

Are bridge or road toals really over 10EUR?

This will push people to use Samsung Pay, Apple Pay, and other one-time token systems.  I've never used them, but it's very interesting.

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
A Finextra member
A Finextra member | 22 November, 2016, 21:29

Visa has been providing e commerce payments for 20 years without building authenticated, secure paymnet means. Last week my friend got his Visa card blocked by the issuer since somebody was using ny card no for unauthenticated e comm transactions leaving him without the card while travelling abroad. Luckily I could pay for him...Why should one need to risk getting the card blocked every now and then or need to file complaints on fraudulent transactions posted to the account, file police reports, wait for refunds, just because card schemes want to avoid the investment cost for e comm authentication while milking fees from issuers and acquirers for unsecure e comm payments? Obviously the "risk based authentication" is not working - if it even exists. Look at the rapid growth of e commerce fraud.

3 thumb ups! 3 thumb ups! (Log in to thumb up)
A Finextra member
A Finextra member | 22 November, 2016, 22:47

PSD2 is all about giving payment providers direct access to accounts. No reason why a retailer couldn't do this, or a Payment initiation service provider on their behalf. Much of this will run on the new coming Instant Payment rails. Not a coincidence I suspect... leveling the security playing field will help bring transactions back to the banks and off the Visa rails. 

1 thumb up! 1 thumb up! (Log in to thumb up)
Edward Leong
Edward Leong - DistruptiveHut - Singapore | 23 November, 2016, 06:12

Perhaps is good time to migrate to use digital secure remote payment and EMV 3DS2.0 for online transaction. 

1 thumb up! 1 thumb up! (Log in to thumb up)
Ketharaman Swaminathan
Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune | 23 November, 2016, 09:04

I thought Visa recently told Europe to be ready for strong authentication via 3DS (Source). Now it's protesting strong authentication proposed by EBA. Maybe it's only me but there seems to be a contradiction.

2 thumb ups! 2 thumb ups! (Log in to thumb up)
Steven Murdoch
Steven Murdoch - University College London - London | 23 November, 2016, 13:17

Visa also request that they have the option to not perform strong authentication, and instead accept liability for fraud. However this doesn't take into account that there are wider costs of fraud, that just refunding the customer will not deal with. Furthermore the draft regulations allow providers to keep the security audit of authentication systems secret, and so leave victims of fraud in a difficult position to argue that they were not negligent. I pointed both of these issues out in my own response to the EBA consultation.

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Eli Talmor
Eli Talmor - SentryCom Ltd. - Haifa | 25 November, 2016, 10:13

I , respectfully, disagree with VISA .My key point: strong customer and payment authentication must be in-merchant-app. You are welcome to see my presentation , quoting VISA objections : http://www.slideshare.net/talmor/sentrycs-mobile-for-payments-more-security-and-less-friction

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Comment on this story (membership required)

Finextra news in your inbox

For Finextra's free daily newsletter, breaking news flashes and weekly jobs board: sign up now

Related stories

Visa looks to kill passwords with multiple biometric authentication options

Visa looks to kill passwords with multiple biometric authentication options

14 November 2016  |  10546 views  |  2 comments | 14 tweets | 14 linkedin
PSD2: An open opportunity

PSD2: An open opportunity

30 September 2016  |  11614 views  |  1 comments | 24 tweets | 30 linkedin
European Parliament rubberstamps Payment Services Directive

European Parliament rubberstamps Payment Services Directive

08 October 2015  |  18917 views  |  0 comments | 50 tweets | 68 linkedin
European lawmakers agree revised Payments Services Directive

European lawmakers agree revised Payments Services Directive

05 May 2015  |  25462 views  |  2 comments | 31 tweets | 29 linkedin

Related company news


Related blogs

Create a blog about this story (membership required)
visit www.niceactimize.comvisit www.atos.netvisit www.aciworldwide.com

Top topics

Most viewed Most shared
satelliteRipple completes XRP Lockup
10000 views comments | 3 tweets | 2 linkedin
PSD2: Laying the regulatory foundation for a new age in paymentsPSD2: Laying the regulatory foundation for...
9425 views comments | 17 tweets | 36 linkedin
Brits flock to digital-only banksBrits flock to digital-only banks
7434 views 11 comments | 11 tweets | 15 linkedin
Banks and fintech startups join forces on blockchain-based supply chain pilotBanks and fintech startups join forces on...
6843 views comments | 19 tweets | 20 linkedin
hands typing furiouslyReshaping Customer Engagement & Da...
6249 views 0 | 4 tweets | 2 linkedin

Featured job

Find your next job