New EU Payments Rules: Will Europe Stay Open for Business?

Imagine that the online purchase of your flight ticket is blocked, that you suddenly can’t download a movie on your Smart TV, or can’t access your firm’s online accounts. This could be a reality for millions of European consumers when complex new EU payments rules enter into force in September.

The EU’s revised Payments Services Directive is a forward-looking piece of legislation aimed at improving competition, innovation and trust in the banking sector. The adopted Directive includes new, well-intended Strong Customer Authentication (SCA) requirements for companies to make online payments more secure. The SCA requirements essentially stipulate that in order for payments to be accepted, users will need to authenticate a payment using at least two out of three elements: Something the customer knows (e.g. PIN code or password), something the customer has (e.g. phone or token), or something the customer is (e.g. fingerprint or facial recognition).

It is now evident that the September 2019 deadline for industry to implement SCA was overly ambitious. All players in the payments value chain are struggling to meet these requirements in time. For instance, not all cardholders are enrolled in SCA-compliant solutions. A recent study found that only 44% of businesses expect to be ready by the September deadline. This creates major unintended risks for millions of European consumers to complete their daily online purchases.

Furthermore, smaller European firms risk being disproportionately impacted. They don’t have the resources to prepare for the new security requirements. They also risk being unable to access their online accounting systems.

The new EU requirements also risk blocking transactions where there currently is no new secure technology available. That includes situations where you rent a movie directly via your Smart TV.

Europe’s overall economy risks losing an estimated €57 billion if the EU requirements go into effect as planned on the 14th of September.

Luckily, the European Banking Authority last month issued an Opinion that allows national authorities to provide “limited additional time” to issuers and acquirers to migrate their customers to compliant authentication solutions.

The delay of enforcement can provide industry enough time to allow technical issues to be resolved. In the meantime, consumers can rely on existing working technology.

Hopefully, national authorities will adopt, in consultation with all relevant consumer and industry groups, a collective migration plan. This plan could be based on a European roadmap to avoid inconsistent national enforcement from fragmenting the European Single Market. Ideally, the revised EU Payments Services Directive will manage to improve competition, innovation, and trust – while keeping Europe open for business.