The European Commission removes the foundation for a successful Digital Single Market


Modern online shoppers, and in particular those buying from a mobile device, demand their check-out processes to be secure, swift and frictionless. In modern e-commerce, payment security and convenience are not mutually exclusive concepts, but the foundation of a successful e-commerce sector in the EU’s Digital Single Market.

The revised Payment Services Directive (PSD2), which will be applicable from 13 January 2018, has been ground-breaking in promoting an open and innovative European payments landscape by ending banks’ monopoly on payment services. It opens the electronic payments market to new, innovative and customer-centric companies enabling both customers and online merchants to use third-party payment providers to manage their payment transactions. Together with the ever-increasing digital integrations across platforms, in the future, customers may be using Amazon, Facebook or their Apple or Google phone operating systems to pay for train tickets, AirBnB or Uber rides. This further integration of payment services promises to increase customers’ overall convenience when purchasing goods or services online.

Security and convenience under Strong Customer Authentication

However, while the PSD2 legislation aims to bring the European payments landscape into the 21st century and up to speed with customers’ demands for a balance between security and convenience, the European Banking Authority’s (EBA) is currently eroding this balance through technical standards under which they propose that any transaction above EUR 30 has to undergo mandatory two-factor Strong Customer Authentication (SCA). While transactions above said threshold may continue to be processed without SCA, this will solely depend on the card issuing (customer) bank’s willingness to support risk-based authentication methods and their reported card-not-present fraud rate. This puts the customer’s checkout convenience and online merchants’ conversion rates at the mercy of banks.

This means that whether a customer has to undergo extensive security checks does not depend on his or her shopping behaviour or history, or even on the online merchant’s ability to detect fraud, but exclusively on the customers’ bank and its track record of tackling fraud.

In today’s digital economy, online merchants hold more data about their customers’ shopping behaviour than ever before and, by using this data, they can make as safe decisions regarding the fraud risk of a particular transaction as the issuing bank can. While digital and tech companies work towards making online payments more secure, faster and convenient for their customers, banks and regulators work to restrict the big strives that the digital industry has made in recent years.

The proposed rules could potentially end in bizarre cases in which customers will have to undergo additional and inconvenient authentication steps after the actual service has been performed and the customer has already continued on his way. While simple and convenient methods of authentication, such as fingerprint biometrics, do exist in a number of smartphones today, they are not yet universally available and can vary greatly between countries and banks.

Universal strong authentication requirements, as proposed by the European Banking Authority, do not work in practice. While a growing number of forward-looking and innovative banks are today integrating biometric authentication tools for authentication, others are relying on e-Token or OTPs. In many countries for example, a physical card, PIN code and a card reader are all required in order to initiate an online transaction. In today’s world shaped by mobile commerce, such requirements are inconvenient and represent a barrier to the growth of the digital economy. By mandating universal strong customer authentication requirements, European regulators may actually be discriminating against customers rather than promoting technologically neutral solutions.

Digital Single Market success dependent on safe and convenient online payments

Payment and security, however, remain at the foundations of any economy. Simply speaking, everyone wants to get paid and be safe when doing so. This is especially true in a digital economy, where there are little to no physical relationships between the customer and the trader. For online merchants, payment security is vital for their survival. If customers feel their payment security undermined, there are millions of competitors offering stronger security from which they can choose to buy.

Convenient and safe online payments are the foundation for the success of the EU’s Digital Single Market. The EBA’s proposed rules on online payments, however, aim to make paying online and, especially on-the-go, so inconvenient, that they threaten the success of the Digital Single Market.