In light of yesterday’s publication of the Regulatory Technical Standards (RTS) on Strong Customer Authentication (SCA) by the European Banking Authority (EBA), Ecommerce Europe welcomes the decision to introduce transactional risk-based assessments for electronic payments up to €500.
“We welcome the EBA’s decision to take into consideration the concerns voiced by the e-commerce sector during the public consultation last year. Online merchants today have the technological means to monitor, in real time, the behavioral patterns of their customers to effectively analyze the potential risk of any particular transaction. Online merchants then take the necessary mitigating measures to prevent fraud, while the legitimate customers always remain protected. The EBA has now acknowledged the role of transactional risk-based technologies to the success of the European e-commerce industry” said Marlene ten Ham, Secretary General of Ecommerce Europe.
The final draft’s approach to introduce exemptions to Strong Customer Authentication safeguards online merchants’ business models while increasing the overall security and confidence in electronic payments and tackling online fraud. Ecommerce Europe welcomes the approach taken to allow transactional risk-based assessment up to a value of €100. Considering the fall in transactional value brought about by the growing popularity of e-commerce for smaller purchases, in many countries this covers the majority of electronic transactions.
Ecommerce Europe furthermore welcomes the decision taken, to introduce risk-based assessments for transactions between €100 and €500 based on the overall fraud levels of the payer’s Payment Service Provider’s fraud rate. We believe that this is the right direction towards ensuring that customers can be offered the most secure and convenient checkout experience, although the acceptable fraud reference rates under Article 16 should not be set too stringent and in dialogue with industry players.
Apply risk-based analysis to all electronic transactions
Considering the EBA’s introduction of risk-based analysis for transactions between low-value transactions of up to €30 and transaction up to €100, Ecommerce Europe calls on the European Commission to allow a risk-based approach for all transactions up to €100. In any case, Ecommerce Europe believes that a one-size-fits-all approach to online fraud prevention through monetary thresholds does not effectively address the difference in industries and sizes of business prone to online fraud.
In light of the significant growth of e-commerce through mobile devices, Ecommerce Europe is equally pleased to see that the European Banking Authority has forgone its previous recommendation to introduce an independence requirement between the devices, applications and software between which transactions are initiated and authentication codes are received.