Authentication in online Payments: Ecommerce Europe publishes Position Paper


On 23 February, the European Banking Authority published regulatory technical standards (RTS) on Strong Customer Authentication and common and secure communication (SCA). Following an in-depth analysis of the RTS, Ecommerce Europe has published a dedicated Position Paper on authentication in online payments.

According to the Ecommerce Europe Cross-border Barometer 2016, concrete issues related to online payments remain among the top challenges faced by online merchants when trading cross-border. Complicated check-out procedures and overly restrictive and burdensome online authentication methods present a serious obstacle to online merchants and their customers. Particularly in light of the nature of mobile shoppers, overly complicated procedures pose a problem, as they tend to abandon the process after the first step.

Ecommerce Europe welcomes the spirit of the Payment Services Directive 2 to promote an open, innovative and safe electronic payments landscape in Europe. However, Ecommerce Europe continues to have serious objections to the European Banking Authority’s draft RTS on Strong Customer Authentication. Ecommerce Europe’s key recommendations to policy makers are:

  • Revise the Reference Fraud Rate percentages for remote card-based payments to account for market realities
  • Expand the application of transactional risk-based assessment to online merchants and online merchants’ Payment Service Providers

Important progress made, but key risks to the e-commerce sector continue to persist

The Payment Services Directive 2, which is due to become legally applicable from 13 January 2018 and is aimed at bringing European payments legislation into the 21st century, has been ground-breaking. For the first time, European legislators attempted to mandate specific security standards and specifications through legislation. Ecommerce Europe welcomes the PDS2 and supports its aim of ensure a high level of payment security through mandating a balanced and convenient approach to security standards.

Ecommerce Europe appreciates the difficult task conveyed to the European Banking Authority to draft RTS on Strong Customer Authentication and welcomes the EBA’s change of mind to include an exemption for Transactional Risk Assessment in its final draft. Since mid-2016, Ecommerce Europe had strongly advocated for such an exemption.

Although the inclusion of an exemption for Transactional Risk Assessment are a critical first step in the right direction, the EBA’s final draft RTS continue to fail to address the underlying risks it poses to the success of the European e-commerce industry. The currently prescribed conditions under which Transactional Risk Assessment is permitted to be applied are not in line with market realities, online merchants’ business models and online shoppers’ check-out expectations.

Ecommerce Europe calls on European legislators to use the full time available to them to make further and crucial amendments to the European Banking Authority’s draft RTS.

For a detailed explanation of Ecommerce Europe’s position and recommendations for policy makers, please download the Position Paper on authentication in online payments (April 2017) here.