Merchants Need to Plan for Stricter EU Credit Card Measures
In efforts to secure the safety of credit card transactions and tackle payment fraud during the authentication process, the EU will be rolling out its new SCA regulations across all member states, changing the way banks or payment services providers verify their customers’ identity and validate specific payment instructions.
More specifically, under the new rules dubbed “Strong Customer Authentication” (SCA), as of September 14, credit card holders will be able to make contactless transactions – ie without having to use PIN code – for amounts not exceeding 150 euros. For amounts over that PIN verification will be required.
Though store purchases will be unaffected, sector experts are warning that online purchases may suffer serious disruptions.
It should be noted, that the majority of consumers appear to be unaware of the new rules.
Indicatively, Britain’s retailers and sector stakeholders have warned that the lack of industry readiness for the 14 September deadline may result in the failure of 25-30 percent of e-commerce transactions.
Many Still Unfamiliar with SCA Rules
At the same time, a study carried out by payments software company Stripe in May found that Europe could lose 57 billion euros in economic activity in the first 12 months after the implementation of SCA, noting that three in five businesses with under 100 employees were either not familiar with SCA, did not plan on being compliant before September, or were unsure when they will be ready.
In response to market concerns about the industry’s readiness, EU regulators (the European Banking Authority) said they would show “supervisory flexibility” announcing on June 21 that “on an exceptional basis and in order to avoid unintended negative consequences for some payment service users after 14 September, NCAs [National Competent Authorities] may decide to work with payment service providers [PSPs] and relevant stakeholders, including consumers and merchants, to provide limited additional time”.
The SCA regulation for online payments is part of the EU’s Second Payment Services Directive (PDS2) which requires banks to open their payments departments and customer data archives to third parties, allowing the development of enhanced customer authentication systems.
The SCA rules foresee “two-factor authentication”, ensuring that many payments will need users to provide two of three means of verifying their identity, either by card or mobile phone with a passcode, pin number or password, fingerprint or face recognition.
In the meantime, in efforts to ensure the preparedness of all parties involved, in an August 1 statement co-signed by lobbyists as well as Visa and MasterCard, the European Payment Institutions Federation (EPIF) called for an 18-month extension “and perhaps longer for certain sectors and in clearly defined use-cases, with key milestones and clear and consistent metrics”.
Speaking to Global Government Forum, EPIF chair of the executive board Elie Beyrouthy said: “We are concerned that Europe may end up with a fragmented landscape if the EBA does not adopt a common roadmap that would cover the 28 EU member states. This is essential to keep a similar customer experience across the EU.”
In Greece, a study carried out last year found that a total of 60 percent of travelers visiting Greek destinations paid for 14 billion euros worth of transactions by card in 2017. Broken down: 64 percent of card payments were made for accommodation purposes, 16 percent for food, and 5 percent on shopping.