Time and again, the European Commission and European Banking Authority (EBA) have demonstrated their backing of the banking industry at the expense of the European e-commerce sector and the growth of the Digital Single Market. Ecommerce Europe urges European legislators to reject the unreasonable Regulatory Technical Standards (RTS) on Strong Customer Authentication until their potentially detrimental impacts are fully understood.
Ecommerce Europe fully supports the need to address, and reduce, the rising levels of fraud in Card-Not-Present electronic transactions. However, the European Commission and EBA’s proposed one-size-fits-all approach will create unreasonable and inconvenient burdens on online customers, putting European online merchants at a further disadvantage to their traditional brick-and-mortar and non-European competitors.
“Online businesses depend on the customer checkout and payment transaction processes being safe, private and protected. This is fundamental to any merchants’ operations,” said Marlene ten Ham, Secretary General of Ecommerce Europe, adding that “it has become clear throughout the drafting process of the RTS, that European regulators are prioritizing their quest to reduce fraud-levels over the success of Europe’s digital economy. The European Commission and the EBA continue to punish online merchants and their customers, not the fraudsters for their bank or Payment Service Provider’s failure to address their own fraud-levels.”
A substantial part of the growth in e-commerce is being driven by the rapid increase in mobile commerce and mobile payments solutions. However, in light of mobile shoppers, who tend to abandon the checkout process after the first step, a forced application of complicated and burdensome authentication methods poses a fundamental risk to online merchants. As the direct point of contact for customers, it will be online merchants, in particular SMEs, who will suffer through the forced and unreasonable application of Strong Customer Authentication, not their bank or Payment Service Provider.
Since the RTS’ inception, the European Banking Authority’s approach to balancing enhanced security, competition and convenience has been controversial. The EBA’s initial draft envisioned all online transactions above €10 to go undergo enhanced security measures. This clearly demonstrates the EBA’s striking misunderstanding of the digital economy and its sole focus on protecting financial institutions from the risk of fraudulent transactions.
Only after a concerted pan-industry effort did the EBA, against its initial judgement, concede to allow for exemptions to Strong Customer Authentication as mandated under the Level-1 legislation. It is apparent that the European Commission and the EBA continue to punish online merchants and their customers, not the fraudsters, for their bank or Payment Service Provider’s failure to address their own fraud-levels.