Heightened payment security could hamper usability, says Visa

The European Commission's European Banking Authority has detailed plans to heighten payment security, however payment provider worry this could greatly hamper usability.

Should there be more research into the effects of these changes?
Should there be more research into the effects of these changes?

The European Commission's forthcoming Payment Services Directive 2 (PSD2) has released proposals to make consumers go through extra security checks for many online payments.

The plans would force consumers to enter passwords or codes for online transactions above €10 (£8.50), under new anti-fraud plans from the European Banking Authority (EBA).

The EBA will publish its final proposed standards on 12 January 2017. These standards are in response to the requirements of the Payment Services Directive (PSD2) which mandates SCA for all electronic payments.

If approved, the changes will come into force during 2018, several months before the UK is expected to leave the European Union.

The European Banking Authority said it had to make a "difficult trade-off" between a high degree of security in retail payments and customer convenience. The plans have come under fire from Visa and other payment companies.

"We are currently in the process of assessing whether the trade-offs we made achieve the right balance and which, if any, changes we will need to make before finalising the technical standard and publishing it at the beginning of next year," it said in a statement.

Visa has warned that new European rules on e-commerce threaten to seriously disrupt online shopping and cause inconvenience for consumers. This would particularly heighten during busy periods such as Black Friday, the annual pre-Christmas discount bonanza.

Independent consumer research carried out in five European countries on behalf of Visa, highlighted that 95 percent of European consumers spend over €10 when shopping online, meaning that these measures would affect millions of shoppers.

These steps would be felt most strongly in the UK, however, as UK consumers are the most prolific online shoppers of those markets surveyed – 63 percent regularly shop online, compared with the European average of 51 percent.

For UK online shoppers, the changes are likely to lead to more frustration and more cart abandonment. In fact, the survey found that over half (52 percent) of consumers would abandon purchases if more steps were added to the checkout.

Peter Bayley, chief risk officer, Europe at Visa, said in a statement: “These new proposals threaten to seriously disrupt the way we all shop. The plans will bring a host of complications and inconveniences including more declined transactions and longer and more complicated checkout experiences with little if any benefit to consumers.

“Managing payments is always about balancing security and convenience. If you tip the balance too far one way, you end up making it either too difficult or too risky for consumers to make purchases wherever, whenever and on whatever device they want. Either way it annoys consumers and damages businesses' potential to sell their goods and services.”

Robert Capps, VP of business development at NuData Security, told SC: "We'd tend to support Visa's stance on this issue in several ways. While it may seem that adding more identity tests to the transaction stream should make the transaction more secure, this isn't necessarily true. If the test is vulnerable to impersonation, as we see with physical biometrics, or is as vulnerable as passwords, no number of additional touchpoints will make the transaction more secure.”

Capps added: “The larger point here, however, is that adding friction to the transaction stream will absolutely result in increased cart abandonment rates and reverses a trend toward less friction that we have been striving for. The key is to find that balance between security and customer experience. Stray one way or the other and you've got revenue losses in the form of fraud or revenue loss in the form of customer unhappiness.”

Research commissioned by Semafone has revealed that consumers are putting themselves at risk of fraud, simply by refusing to take data security seriously.

The survey, conducted by Tlf Research among 2,000 UK residents revealed the following statistics:

  • People care more about bank fees than they do about security. Only 24 percent of respondents would change their bank if it suffered a data breach compared to 41 percent who would change banks if charged too much in fees.
  • Consumers aren't worried about losing financial data. Just over half (52 percent) are concerned about losing payment card details and only 54 percent are concerned about losing bank account details.

CEO of Semafone Tim Critchley commented: “Consumers appear to be failing to take data security seriously, which is a cause for concern. In the UK this is particularly worrying, considering that card-not-present (CNP) fraud accounts for three quarters of the £88.5 million that is lost every year though fraudulent card transactions. And it's on the increase!”

Sign up to our newsletters