Coronavirus hits adoption of stricter online payments rules

The implementation of 'strong consumer authentication" was postponed from September last year to December 2020. Retailers now said they need more time.

European retailers are asking for more time to adopt stricter rules to protect online shoppers, but consumer organisations say the demand is “completely unacceptable” as e-commerce fraud has increased during the coronavirus crisis.

The confinement measures adopted across the world to contain the spread of COVID-19 has fuelled online shopping. And with it, the volume of scams and other strategies used by criminals to steal consumers’ financial details and data.

Europe’s revised Payment Service Directive (PSD2) would help to minimise the fraudulent use of  credit card information for online payments, as it includes “strong customer authentication” (SCA) systems to ensure that nobody buys on our behalf.

However, the implementation of SCA was postponed from September last year to December 2020, after financial players and businesses said they needed more time. 

The new rules would require that payment service providers in Europe adopt multiple authentication systems with card-based online payments.

The directive stipulates that a strong authentication should be based on the use of two or more elements categorised as knowledge (something only the user knows), possession (something only the user possesses) and inherence (something the user is).

For example, it could combine the use of facial recognition (inherence) with the introduction of a password (knowledge).

Retail associations are now asking for an additional extension, arguing that dealing with the high volumes of e-commerce is already very demanding.

The UK Financial Conduct Authority has currently set a deadline for 31 March 2021.

“We ask that full consideration be given to granting a harmonised extension to the current deadline of 31 December 2020 for the migration to SCA, in order to allow businesses to focus on keeping their businesses running as efficiently as possible,” said EuroCommerce, Independent Retail Europe, and Ecommerce Europe in a joint letter on 31 March.

The organisations said that retailers and the e-commerce sector in particular “do not have the additional resources at present to undertake the considerable steps needed for a successful transition by the end of the year.”

Their demand was supported on Monday (4 May) by Payments Europe, an association grouping banks and credit card companies.

“If certain actors are not ready, transactions will get declined for no reason, which will hamper e-commerce – a tool vital to keep the economy going, especially during today’s crisis,” Payments Europe said.

But BEUC, the European Consumer organisation, said that the postponement would be “completely unacceptable”.

“Online fraud was growing even before COVID-19 and one reason is that most online transactions require only the card number, its expiry date and the three-digit code on the back of the card,” Andrew Canning, a BEUC spokesperson told EURACTIV on Monday.

“Banks and payments providers have had more than four years to prepare for these new security standards – consumers cannot wait any longer,” he added. 

The decision is in the hands of the European Banking Authority, and national authorities.

The EBA issued a recommendation last June to provide “limited additional time”, given the complexity of adopting the new standards.

EU divided over implementation of payments directive

The European Commission questioned on Wednesday (25 September) some member states’ decision to grant at least 18 months to banks for the full implementation of the European Payments Services Directive 2, which requires stronger authentication procedures for online payments.

This extended but undefined time led to different deadlines being set by national authorities, which could have hampered the benefits that PSD2 should bring.

As a result, the EBA issued a second opinion last October proposing 31 December this year as the EU deadline for the full adoption of PSD2.

A European Commission official said that the institution is “closely monitoring the implementation of PSD2 whose positive effects on competition, innovation and consumer protection are already largely felt.”

The Commission also plans to review the directive “in due course”, once “its impact and effects will be more measurable.”

In addition, the EU executive will adopt its retail payments strategy later this year. 

A Commission official said that online payments is among those issues that the institution is “closely examining” in the preparatory phase of the strategy.

Cashless payments versus the pandemic

Authorities are encouraging the use of electronic payments as a safer measure to maintain social distance and contain the spread of the coronavirus.

[Edited by Benjamin Fox]

Subscribe to our newsletters