This editorial was first published in our Online Payments and Ecommerce Market Guide launched on 1 November 2017. The guide features several important thought leadership editorials from ecommerce and payments industry professionals, which makes it a top-reference source for anyone involved in the payments ecosystem.
PSD2 can only be successful for the Digital Single Market when implemented right
The Internet has revolutionised the way in which customers buy and sell goods and services. Customers today expect to make purchases from anywhere and at any time they wish. Moreover, online shoppers, and in particular those buying from a mobile device, demand the check-out process to be secure, swift and frictionless. In short, in modern ecommerce, payment security and convenience are not mutually exclusive concepts, but the foundation of a successful ecommerce sector in the EU’s Digital Single Market.
The EU’s revised Payment Services Directive (PSD2), which will be applicable from 13 January 2018, has been ground-breaking in promoting an open and innovative European payments landscape by ending banks’ monopoly on payment services. The new PSD2 opens the electronic payments market to new, innovative and customer-centric companies enabling both customers and online merchants to use third-party payment providers to manage their payment transactions. Together with the ever-increasing digital integrations across platforms, in the future, customers may be using Amazon, Facebook or their Apple or Google phone operating systems to pay for train tickets, AirBnB or Uber rides. This further integration of payment services promises to increase customers’ overall convenience when purchasing goods or services online.
Security and convenience under Strong Customer Authentication
However, while the PSD2 legislation aims to bring the European payments landscape into the 21st century and up to speed with customers’ demands for a balance between security and convenience, this call for balance is currently being eroded by technical standards developed by the European Banking Authority (EBA). The EBA is now proposing that any transaction above EUR 30 to undergo mandatory two-factor Strong Customer Authentication (SCA). Transactions above that threshold may still be processed without SCA, but this will depend on the card issuing bank’s willingness to support risk-based authentication methods and reported card-not-present fraud rate. This puts the customer’s checkout convenience and the online merchants’ conversion rates at the mercy of banks.
This could mean that whether a customer has to undergo extensive security checks does not depend on his or her shopping behaviour or history, or even on the online merchant’s ability to detect fraud, but exclusively on the customers’ bank and its track record of tackling fraud. In today’s digital economy, online merchants hold more data about their customers than ever before and by using this data, they can make as safe decisions regarding the fraud risk of a particular transaction as the issuing bank can. While digital and tech companies work towards making online payments more secure, faster and convenient for their customers, banks and regulators work to restrict the big strives that the digital industry has made in recent years.
The proposed rules could potentially end in bizarre cases in which customers will have to undergo additional and inconvenient authentication steps after the actual service has been performed and the customer has already continued on his way. For example, a customer may be asked to separately authenticate himself after getting his Uber, because the transaction amounts to more than EUR 30. While simple and convenient methods of authentication, such as fingerprint biometrics, do exist in a number of smartphones today, they are not yet universally available and can vary greatly between countries and banks.
Universal strong authentication requirements, as proposed by the European Banking Authority, do not work in practice. While a growing number of forward-looking and innovative banks are today integrating biometric authentication tools for authentication, others are relying on e-Token or OTPs. In many countries for example, a physical card, PIN code and a card reader are all required in order to initiate an online transaction. In today’s world shaped by mobile commerce, such requirements are inconvenient and represent a barrier to the growth of the digital economy. By mandating universal strong customer authentication requirements, European regulators may actually be discriminating against customers rather than promoting technologically neutral solutions.
Digital Single Market success dependent on safe online payments
According to the European Commission, the Digital Single Market aims to “open up digital opportunities for people and businesses and enhance Europe’s position as a world leader in the digital economy”. Also, according to the Commission, a full functioning Digital Single Market could annually contribute EUR 415 billion to the European economy and create hundreds of thousands of new jobs. Today, 55% of EU consumers shop online. In fact, almost all growth in the retail sector today is directly related to ecommerce.
The success of the Digital Single Market hinges on many strings such as harmonised simple and technologically neutral regulations. Payment and security, however, remain at the foundations of any economy. Simply speaking, everyone wants to get paid and be safe when doing so. This is especially true in a digital economy, where there are little to no physical relationships between the customer and the trader. For online merchants, payment security is vital for their survival. If customers feel their payment security undermined, there are millions of competitors offering stronger security that they can choose.
Convenient and safe online payments are the foundation for the success of the EU’s Digital Single Market. The EBA’s proposed rules on online payments, however, aim to make paying online and, especially on-the-go, so inconvenient, that they threaten the success of the Digital Single Market.
About Marlene ten Ham
Marlene ten Ham is the Secretary General of Ecommerce Europe. Marlene has over 10 years of experience in the consultancy sector and is currently a managing partner of a consultancy company.
About Ecommerce Europe
Ecommerce Europe is the voice of the ecommerce sector in Europe representing 20 national associations and over 25,000 online shops across Europe. Its mission is to boost the ecommerce industry by helping decision makers shape policies fit for future sustainable growth and through its Ecommerce Europe European Trustmark label.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now