EBA told that tougher authentication will have a "chilling" effect on single market

A cross-industry letter signed by 39 European and national organisations in the payments value chain has hit out at European Banking Authority (EBA) plans to toughen up authentication rules for online transactions under the revised Payments Service Directive (PSD2).

The EBA's proposals to mandate tighter authentication for transactions over EUR10 has rung alarm bells with industry practitioners who claim that the new rules will lead to more declined transactions and abandoned purchases as customers are forced to conduct additional security checks at the checkout.

The letter to European Commission vice president Vladis Dombrovskis has been signed by a broad swathe of industry practitioners representing the payments, cards, e-commerce, small merchants, ICT and digital technology, telecoms, foreign trade, and leisure and travel industries.

It highlights a potentially "chilling effect on the digital single market" of the prescriptive rules, and instead calls for a more flexible risk-based approach to securing individual transactions.

"We are fully aligned with regulatory objectives to reduce fraud to the lowest possible level which is in the interest of all parties in the payments chain," the letter states. "Our concern is that by choosing a very blunt approach and disregarding some of the highly innovative approaches to authentication and risk management - which are already demonstrably working in the market - this goal will not be achieved and the consequences will be highly disruptive."

Related Companies

European Banking Authority (EBA)

Channels

Retail banking Security

Keywords

Cards Mobile & online banking E-commerce

Comments: (5)

Eli Talmor - ID-Bound - Haifa 28 November, 2016, 11:51

Be the first to give this comment the thumbs up

0 likes

I , respectfully, disagree .My key point: strong customer and payment authentication must be in-merchant-app. You are welcome to see my presentation , quoting these objections: http://www.slideshare.net/talmor/sentrycs-mobile-for-payments-more-security-and-less-friction

Report abuse

A Finextra member 28 November, 2016, 15:56

0 likes @ Eli Talmor. My immediate observations on your presentation: 1. It's mobile only. What about the implications that could have existed under the EBA proposal for face to face transactions? I.e flights; train journeys where the card and cardholder are physically present but unable to go on-line? 2. Not everyone has a smart phone 3. Assumes all merchants have a merchant app'. 4. Commercials. A 'fee per transaction' = just another snout in the trough.

Report abuse

Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune 28 November, 2016, 17:49

0 likes

I totally agree with the sentiments expressed by the cross-industry letter. After years of mandating strong authentication, the Indian regulator seems to have realized that the friction posed by 2FA is a bigger conversion killer than any comfort feeling delivered by greater security. As a result, it has prioritized convenience over security by waiving the 2FA mandate in its recently-published specs for Recurring Payments. It has also allowed instore / card present transactions below INR 1000 to happen without PIN. I'm sure these measures will boost digital payments in India - even without counting the boost given by the recent #CurrencySwitch measure. Against this backdrop, I can't help feeling that EBA is going back in time.

Report abuse

Eli Talmor - ID-Bound - Haifa 29 November, 2016, 06:37

0 likes

@ Anonymous Finextra Member

1. The trend is clear : https://www.bloomberg.com/news/articles/2016-11-25/black-friday-s-slow-death-drags-on-as-shoppers-migrate-online

2. Sentrycs Mobile is NOT a one-size-fits-all solution.

3. E-Merchant does not nessesarily need a smartphone app. Web/browser integration is also possible.

4. "A 'fee per transaction' = just another snout in the trough."- Are you referring to the payment network in general ???

Report abuse

A Finextra member 29 November, 2016, 07:43

0 likes

One principle of the EBA rules that is easily overlooked: authorisation of a payment belongs to the responsability of the payer's Account Servicing PSP, not the merchant or some other PSP.