The EBA one-size-fits-all approach to SCA – a risk to ecommerce

By imposing a one-size-fits-all approach to Strong Customer Authentication under the PSD 2, the EBA is risking the growth of ecommerce in Europe.

It is essential that regulation facilitates a balanced approach between customer convenience and security. While SCA provides a high level of checkout convenience, its application at the wrong place and at the wrong time can also negatively impact upon online merchants’ conversion rate. As proposed, the one-size-fits-all approach taken to impose SCA for all transactions above EUR 10 threshold is too restrictive and imposes too burdensome procedures on online merchants and customers. If not changed appropriately, they threaten online merchants’ business models and risk the future competitiveness of the European ecommerce sector.

Strong Customer Authentication is defined as an authentication based on the use of two or more elements (knowledge, possession and inherence) that are independent from each other, so that the breach of one does not compromise the reliability of the others.

The original spirit of the Payment Services Directive 2 was to stimulate diversity of innovative methods of payments authentication rather than focus on only one method. As the voice of the ecommerce sector, Ecommerce Europe strongly endorses dynamic authentication methods such as risk management and targeted customer authentication, which have proven to provide an equal level of security and payment fraud protection while upholding the highest level of customer convenience. Risk-based methods, in addition to knowledge, possession and inherence, also assess the potential risk of a transaction by taking into account behavioural factors such as the customer’s devices, shopping behaviour or customer loyalty.

Ecommerce Europe voices its strong concerns that the EBA’s one-size-fits-all approach to managing online fraud risk is going to prove inadequate in the ongoing fight against online fraud. As recent studies by Visa and the consultancy Clever Advice show, static authentication tools such as Strong Customer Authentication fail to adapt to new and evolving parameters and fraud patterns. Facilitated by ever-evolving technological advancements, online fraudsters continue to be one step ahead of the industry. This fosters uncertainty and security concerns for both online merchants and consumers and calls for measures of fraud protection which evolve with and are quickly adaptable to changing fraud patterns. Regulation, which only focuses on Strong Customer Authentication methods, fails to provide adequate protection against fraudsters in the medium to long-term.

Customers have become used to a high level of convenience when shopping online and ongoing trends in consumer goods developments reflects this. As such, Ecommerce Europe would also like to stress its concerns regarding the EBA’s provisions on dynamic linking, requiring the full independence and segregation between the channels, devices or mobile applications used to initiate and to authentication the transaction. Not least in light of the growth in (m)-commerce, this stipulation is highly impractical, undermined the developments in the mobile sector and imposes unnecessary burdens on online shoppers.

About Marlene ten Ham

Marlene ten Ham is the Secretary General of Ecommerce Europe. Marlene has 10 years of experience in the consultancy sector and is currently a managing partner of a consultancy company.

Company Ecommerce Europe

Ecommerce Europe is the voice of the ecommerce sector in Europe. Its mission is to stimulate cross-border ecommerce through lobbying and by providing in-depth research data. Ecommerce Europe provides more than 10,000 certified online companies across Europe with a European Trustmark, aiming to increase consumer trust in cross-border purchases.