Ecommerce Europe calls on EBA to expand its customer authentication mandate for to include ‘targeted authentication’


After extensive negotiations between the European institutions, the revised landmark Payment Services Directive (PSDII) entered into force on 12 January after publication in the Official Journal of the EU and will apply to member states from 13 January 2018. The principle aims of the Directive is to improve the security of online payment services, open the online payments landscape up to new innovative solutions and reduce online fraud. As part of the revision of the Directive, the European Commission mandated the European Banking Authority (EBA) with drafting regulatory technical standards on strong customer authorization.

Following a discussion paper early 2016, the EBA has since published a set of draft regulatory technical guidelines to which it has invited stakeholders to provide input through an open consultation.

‘Strong customer authentication’ vs. Targeted customer authentication’

In its revision of the PSDII, the European institutions put a focus on ‘strong customer authentication’ methods in order to ensure high consumer protection. While Ecommerce Europe understands the need for strong customer safeguards in order to foster trust, Ecommerce Europe voices its strong concerns that the Directive’s emphasis on strong customer authentication strongly impair upon the customer experience. A balanced approach to payment security has shown to increase merchants’ conversion rates while upholding a high level customer experience.
As such, Ecommerce Europe asks legislators to expand the mandate of the Payment Services Directive 2 to include ‘targeted’ authentication methods as an alternative to strong authentication. Targeted authentication methods allow merchants to tailor applicable authentication methods to a number of consumer-specific factors such as transaction amount history. This allows merchants to assume the risks of fraud prevention in order to ensure a high rate of conversion at the check-out while not infringing upon the customer experience.

With this in mind, Ecommerce Europe has, in cooperation with EDiMA, EPIF, Choice in eCommerce and CCIA endorsed an independent industry study on the benefits of targeted customer authentication to the European e-commerce sector.

Down load the study here and read the full Press Release here.

Next Steps

The EBA will conclude its consultation on the draft regulatory technical guidelines on strong customer authentication on 12 October 2016. Following input from national associations, Ecommerce Europe will draft a response to the consultation highlighting the importance of a balanced approach to authentication the e-commerce sector.

Following the consultative process, the EBA is expected to publish the draft guidelines by the end of 2016. Following approval by the European Commission and the European Parliament in the first half of 2017, they will become applicable to member states within 2 years.

As the voice of the European e-commerce sector, Ecommerce Europe, in cooperation with its coalition partners, will continue to advocate EU legislators to create a safe and innovate payments landscape for the European e-commerce sector.