February 28, 2017
Feedback from European merchants has resulted in the European Banking Authority (EBA) changing the Regulatory Technical Standards (RTS) governing the implementation of the EU’s second Payment Services Directive (PSD2). The PSD2, passed in 2015 and expected to come into force in January 2018, has updated regulatory compliance requirements in several areas for companies that want to sell in the euro zone—notably online consumer authentication. In its original draft, the PSD2 required strong authentication (some implementation of multi-factor authentication) on all online transactions over €10 ($10.61). An overwhelming response from merchants concerned about what that would do to conversion rates and revenue, got the EBA to raise that threshold to €30 (about $32) in the final draft of the RTS, released on Thursday. Additionally, the draft allows another exemption for online transactions up to €100 ($106) for companies that employ “transaction risk analysis” (fraud-prevention solutions that assess the fraud risk of every transaction). Ecommerce Europe, an association of online sellers in Europe, applauded the decision to make the exemptions to the strong authentication standards more flexible.
“We welcome the EBA’s decision to take into consideration the concerns voiced by the e-commerce sector during the public consultation last year,” said Marlene ten Ham, secretary general of Ecommerce Europe. “Online merchants today have the technological means to monitor, in real time, the behavioral patterns of their customers to effectively analyze the potential risk of any particular transaction. Online merchants then take the necessary mitigating measures to prevent fraud, while the legitimate customers always remain protected. The EBA has now acknowledged the role of transactional risk-based technologies to the success of the European e-commerce industry.”
- Policy Review: How are Governments Affecting CNP Businesses This Year
Why Authentication is Important
Cross-Border E-Commmerce in Established Markets
- Behavioral vs. Physical Biometrics