EU Commission submits final RTS on Strong Customer Authentication

Tuesday 28 November 2017 11:01 CET | News

The EU Commission has submitted its final Regulatory Technical Standards (RTS) on Strong Customer Authentication (SCA) to The European Parliament and Council.

The decision to keep the stringent security measures (two-factor authentication) for payments over EUR 30 was met with a negative response from several ecommerce organizations including Ecommerce Europe and EMOTA (European eCommerce and Omni-channel Trade Association).

The main issue these organizations have with RTS is that it creates friction for ecommerce shopping and will affect merchants’ sales figures. Two-factor authentication uses at least two distinct elements to authenticate an user from the following:

  • Something the user has (e.g. a mobile phone, token)

  • Something the user knows (e.g. a password)

  • Something the user is (e.g. fingerprints and other biometrics)

Strong Customer Authentication will apply for payments above EUR 30.

Ecommerce Europe believes that the current regulatory technical standards are too vague and asks for “further clarifications and clear guidelines on the real-life applications of their proposed exemptions on trusted beneficiaries, recurring payments and low-value transactions.”

Other issues arise with consecutive payments, as explained by Margreet Lommerts, Ecommerce Europe Secretary General ad interim, “if a customer buys six songs or apps worth 0.99€ each, the RTS would mandate the sixth transaction, worth less than 1€ to undergo SCA. These restrictions are not reasonable in an online environment.”


Free Headlines in your E-mail

Every day we send out a free e-mail with the most important headlines of the last 24 hours.

Subscribe now

Keywords: EU Commission, RTS, Strong Customer Authentication, SCA, online payments, PSD2, ecommerce
Categories: Payments & Commerce | Online Payments
Countries: World
This article is part of category

Payments & Commerce