At the beginning of July the Bundeskartellamt (independent competition authority) declared that the German Banking Industry Committee (Deutsche Kreditwirtschaft)’s general terms and conditions are illegal. For the Bundeskartellamt, they restrict competition between the different providers of payment services in the Internet and violate both German and European competition law.
There is a need both from consumers and sellers for cheaper and faster payment solutions, but the current rules impede new and innovative services to access the growing market for payment services in the e-commerce sector. “In essence, it is about whether non-bank payment services can also use PINs [personal identification number] and TANs [transaction authentication number]. We have taken careful consideration of the justified interest of the banking industry that security in online banking has to be safeguarded. However, the rules currently used cannot be considered as a necessary part of a consistent security concept of the banks and they impede non-bank competitors”, said Andreas Mundt, President of the Bundeskartellamt.
Indeed, the illegal practice underlined by the Bundeskartellamt’s investigations concerns the rules applied in the “special conditions for online banking” which are imposed on online banking customers for the use of the personal security features PIN and TAN. Based on these rules, online banking customers may not use their PIN and TAN in non-bank payment systems to allow access to third party systems, which include payment initiation services.
This decision was based on the case of SOFORT (a platform enabling shoppers to make payments to merchants directly from their online banking), against German bank associations. SOFORT feels relieved by the decision and hopes that it will be helpful to other Member States and bring clarity for merchants, consumers and payment providers.
Rules for non-bank payment solution providers in the European Union
Currently in the European Union (EU), the rules for non-bank payment solution providers are undergoing a European legislative process. The European Payment Services Directive (PSD), amended in 2015 and to be implemented into national law by the beginning of 2018, will create a standard legal framework in which the providers of payment initiation services will be subject to state control and have to observe standard technical regulation standards in the performance of their services.
The perception of an inconvenient check-out experience caused by overly stringent authentication can risk impacting upon merchants’ conversion rates. Ecommerce Europe recommends expanding the definition of “strong authentication” to include “multi-factor authentication” methods. It is essential for the growth of e-commerce that regulation facilitates and stimulates innovative authentication methods rather than focusing on only one method.