The EU banking regulator’s plans to reduce fraud by obliging the use of passwords, codes or a card reader to authenticate electronic payments above 10 euros have drawn fire from the payments industry.
Visa and others argue that mandated authentication checks put forward by the European Banking Authority risk disrupting online shopping without increasing security.
The concern is that making customers jump through more hoops to complete online transactions will result in increased cart abandonment rates, which will likely impact retailers’ bottom line.
The regulation threatens to cramp one-click shopping and automatic app payment technologies for anything other than small payments, the argument goes.
“Changes mean no more express checkouts or quick in-app payments from mobiles, reduced access to non-European online shopping sites, and longer queues at places like toll booths and parking,” according to Visa.
The payments technology company took the unusual step of putting out a statement lambasting the EBA’s draft plan for strong customer authentication (SCA), the final version of which is due out in January.
Robert Capps, VP of business development at behaviour-based biometrics firm NuData Security, said, “We’d tend to support Visa’s stance on this issue in several ways. While it may seem that adding more identity tests to the transaction stream should make the transaction more secure, this isn’t necessarily true.
“If the test is vulnerable to impersonation, as we see with physical biometrics, or is as vulnerable as passwords, no number of additional touchpoints will make the transaction more secure,” he added.
The proposed changes are part of the European Commission’s forthcoming Payment Services Directive 2. If ratified as part of the proposals, strong customer authentication would come into effect across Europe from 2018 onwards. ®