Editorial

This content has been selected, created and edited by the Finextra editorial team based upon its relevance and interest to our community.

EBA told that tougher authentication will have a "chilling" effect on single market

A cross-industry letter signed by 39 European and national organisations in the payments value chain has hit out at European Banking Authority (EBA) plans to toughen up authentication rules for online transactions under the revised Payments Service Directive (PSD2).

  21 5 comments

EBA told that tougher authentication will have a "chilling" effect on single market

Editorial

This content has been selected, created and edited by the Finextra editorial team based upon its relevance and interest to our community.

The EBA's proposals to mandate tighter authentication for transactions over EUR10 has rung alarm bells with industry practitioners who claim that the new rules will lead to more declined transactions and abandoned purchases as customers are forced to conduct additional security checks at the checkout.

The letter to European Commission vice president Vladis Dombrovskis has been signed by a broad swathe of industry practitioners representing the payments, cards, e-commerce, small merchants, ICT and digital technology, telecoms, foreign trade, and leisure and travel industries.

It highlights a potentially "chilling effect on the digital single market" of the prescriptive rules, and instead calls for a more flexible risk-based approach to securing individual transactions.

"We are fully aligned with regulatory objectives to reduce fraud to the lowest possible level which is in the interest of all parties in the payments chain," the letter states. "Our concern is that by choosing a very blunt approach and disregarding some of the highly innovative approaches to authentication and risk management - which are already demonstrably working in the market - this goal will not be achieved and the consequences will be highly disruptive."

Sponsored [Impact Study] 2024 Fraud Trends in Banking, Insurance, and Beyond
 

Share

18
21
1
 
8

Related Company

European Banking Authority (EBA)

Channels

/retail banking /security

Keywords

cards mobile & online banking e-commerce

Comments: (5)

Eli Talmor

Eli Talmor CEO at ID-Bound

I , respectfully, disagree .My key point: strong customer and payment authentication must be in-merchant-app. You are welcome to see my presentation , quoting these objections: http://www.slideshare.net/talmor/sentrycs-mobile-for-payments-more-security-and-less-friction

A Finextra member 

@ Eli Talmor. My immediate observations on your presentation: 1. It's mobile only. What about the implications that could have existed under the EBA proposal for face to face transactions? I.e flights; train journeys where the card and cardholder are physically present but unable to go on-line? 2. Not everyone has a smart phone 3. Assumes all merchants have a merchant app'. 4. Commercials. A 'fee per transaction' = just another snout in the trough.

Ketharaman Swaminathan

Ketharaman Swaminathan Founder and CEO at GTM360 Marketing Solutions

I totally agree with the sentiments expressed by the cross-industry letter. After years of mandating strong authentication, the Indian regulator seems to have realized that the friction posed by 2FA is a bigger conversion killer than any comfort feeling delivered by greater security. As a result, it has prioritized convenience over security by waiving the 2FA mandate in its recently-published specs for Recurring Payments. It has also allowed instore / card present transactions below INR 1000 to happen without PIN. I'm sure these measures will boost digital payments in India - even without counting the boost given by the recent #CurrencySwitch measure. Against this backdrop, I can't help feeling that EBA is going back in time.

Eli Talmor

Eli Talmor CEO at ID-Bound

@ Anonymous Finextra Member 

1. The trend is clear : https://www.bloomberg.com/news/articles/2016-11-25/black-friday-s-slow-death-drags-on-as-shoppers-migrate-online

2. Sentrycs Mobile is NOT a one-size-fits-all solution. 

3. E-Merchant does not nessesarily need a smartphone app. Web/browser integration is also possible.

4.  "A 'fee per transaction' = just another snout in the trough."- Are you referring to the payment network in general ???

A Finextra member 

One principle of the EBA rules that is easily overlooked: authorisation of a payment belongs to the responsability of the payer's Account Servicing PSP, not the merchant or some other PSP.

Related news

Visa slams European plans for stronger online transaction authentication rules

PSD2 a golden opportunity for banks – new Finextra paper

Banks unsure on response to PSD2 upheaval

ECB sets out draft mobile payments security recommendations

[On-Demand Webinar] PREDICT 2025: What the National Payments Vision means for the UKFinextra Promoted[On-Demand Webinar] PREDICT 2025: What the National Payments Vision means for the UK

Welcome to Finextra. We use cookies to help us to deliver our services. You may change your preferences at our Cookie Centre.

Please read our Privacy Policy.

Accept