Visa is warning a proposal from the European Banking Authority (EBA) requiring every online transaction over €10 (US$10.61) to have additional authentication steps at checkout will “seriously disrupt online shopping and cause inconvenience for consumers”.
Some 95% of European consumers spend more than €10 when shopping online, while 52% of UK consumers would abandon purchases if more steps were added to the checkout process, research conducted by Populus on behalf of the payment network reveals.
“The EBA has brought forward proposals for how it will implement what is called strong customer authentication (SCA),” Visa says. “The plans include a one-size-fits-all approach where every online transaction over €10 will require additional steps at checkout, such as entering passwords, codes or using a card reader.”
‘Host of complications’
Visa says the proposals will see the end of express online checkouts such as one-click checkouts, as well as automatic in-app payments where cards are already stored.
“The plans will bring a host of complications and inconveniences, including more declined transactions and longer and more complicated checkout experiences with little, if any, benefit to consumers,” says Peter Bayley from Visa.
“Managing payments is always about balancing security and convenience. If you tip the balance too far one way, you end up making it either too difficult or too risky for consumers to make purchases wherever, whenever or on whatever device they want.”
The EBA will publish its final proposed standards on 12 January 2017 in response to the requirements of the Payment Services Directive (PSD2), which mandates SCA for all electronic payments.
“In its consultation paper on the draft technical standards on strong customer authentication and secure communication under the PSD2, the EBA had to make difficult trade-offs between various competing demands,” EBA told NFC World.
“These include the opposing objectives of achieving a high degree of security in retail payments (which suggests the EBA should develop a technical standard that requires consumers to authenticate themselves often) against customer convenience (which suggests the EBA should do the exact opposite).
“These competing demands are particularly pertinent because the EBA’s technical standards represent the first time that security requirements are enshrined into EU law, and because the PSD2 will allow so-called third-party providers to access the payment accounts of consumers.
“The EBA has received 260 responses to the consultation paper on these particular draft technical standards. We are currently in the process of assessing which, if any, changes we will need to make before finalising the technical standard and publishing it at the beginning of next year.”