Significant changes may be coming to European payments legislation and below we take a look at how merchants may be affected.

New ways of paying

New draft payments legislation stemming from a European directive called the Payment Services Directive 2 (PSD2) is looking to regulate ways of paying which are popular in continental Europe and force banks across the EEA to give access to providers of these services. These services are called “payment initiation” and can be set up by online retailers as an additional payment method at the online checkout.

Instead of paying online using a card, a customer would be able to initiate a credit transfer directly from their bank account in real time. Rather than paying interchange fees, the merchant would instead pay the payment initiation service provider a set-up fee and a small fee per transaction.

What are the key impacts for you?

  • Increasing customer choice – allowing customers to pay using their familiar online banking details can attract customers that do not like sharing their card details online.
  • Competition – offering this alternative method of payment may be a way for merchants to differentiate themselves, and some are already looking at becoming “payment initiation service providers” themselves rather than purchasing the service from a third party.
  • Real-time transaction confirmation – meaning that you will be paid more quickly.

Strong customer authentication

A new proposed security regime will make it harder for customers to pay, create more complexity for retailers and, in the case of online payments, increase the number of transactions which are abandoned.

PSD2 is looking to introduce a concept called strong customer authentication (SCA), which requires in-scope transactions to be subject to a two-factor authentication process, involving at least two of the following factors:

  1. Something you know (e.g. a password);
  2. Something you possess (e.g. a card); and
  3. Something you are (e.g. a fingerprint).

The process is designed to protect the confidentiality of the authentication data and therefore reduce fraud. Payment service providers will be obliged to decline in-scope transactions that are not strongly authenticated.

The end of risk-based authentication and one-click orders?

The European Banking Authority has produced draft regulatory technical standards to provide further detail of what is expected of financial institutions and retailers. Amongst many controversial measures, the EBA has made it clear that, subject to a small number of exemptions, acquirers must ensure that merchants support SCA for all payment transactions, bringing an end to the risk-based authentication which is employed successfully today.

As things stand, many online retailers allow their customers to use one-click checkouts, allowing customers to enjoy a relatively seamless payment experience. There is a real risk that the one-click model will be prohibited if the draft standards remain as currently drafted. The draft standards fail to achieve a realistic balance between payment data security and ensuring a frictionless customer experience.

Other significant concerns stemming from the draft standards include:

  1. the lack of clarity of whether face-to-face card payments should be in scope (and if they are, how it will limit when contactless payments can be made);
  2. the potential that 3D Secure may need to be updated (at significant cost) to be a compliant solution;
  3. the fact that the stringent standards will stifle innovation in a sector where we have seen increasingly innovative ways of paying in recent years; and
  4. the suggestion that the SCA regime will apply to retailers anywhere in the world if the relevant card issuer is within the EEA.


  • Risk-based authentication prohibited
  • One-click models prohibited
  • Less opportunity for the industry to continue to develop innovative ways of paying
  • Increased purchase abandonment
  • Contactless payments restricted

What does this mean for you?

On the one hand, the new European payments regime brings with it innovative new ways to pay that some consumers will no doubt prefer. More significantly, it imposes onerous requirements which will lead to a significant increase in purchase abandonment, which may not be dissimilar from the impact of 3D Secure when it was first introduced by the online marketplace. What is being proposed risks being a step backwards from an environment of simple (yet safe) risk e-profiling. We hope that the EBA listens to the vast amount of lobbying to come from the payments and retail sectors in the coming months and creates a set of standards that acknowledges the importance of a seamless customer experience and the value of the risk-based authentication methods already in place.