The fight against payment fraud is not only a battle between merchants and cyber criminals; it’s also a battle to find a happy medium between security and convenience.
The European Banking Authority (EBA) struggled to keep customer advocates happy after it proposed that the new threshold for two-factor authentication (2FA) would be just €10, meaning that even low-value transactions would require stringent identity verification.
Ecommerce advocates argued fervently against this, posing the question – when does security become more of a problem than a benefit?
Under Strong Customer Authentication (SCA), buyers need to complete a combination of two elements – inputting one-time codes, using a physical card reader, entering a PIN, or using a fingerprint – in order to complete their purchase.
The main worry for online retailers and issuers was that if customers are constantly challenged with extra steps to verify their identity, then abandonment is sure to rise. Visa criticised the proposed change by stating that it is an “inconvenience … with no benefits for consumers” and “a significant threat to future innovation and Europe’s future growth”. It estimated that €11.2 billion of European online sales would be at risk should the EBA proceed with a €10 threshold.
The EBA has asked people to recognise the benefits of the new regulations, designed to provide a strong foundation for cybersecurity and save businesses from rising threats including man-in-the-middle (MitM) attacks, database hacks, and point-of-sale fraud.
After receiving a backlash once the proposed regulations were announced, the EBA has since reconsidered the threshold value and announced a compromise to keep all parties happy.
Preferences ranged from €10 up to €50, so the EBA decided on the middle-ground figure – €30. The new ruling also offers exceptions to customer authentication on purchases of less than €500, but this will only remain in place should instances of fraud stay below their preferred rate.
Further benefits of the new regulations include having a mechanism for customers to give their consent before money is taken from their account. This step could help prevent friendly fraud as it should deter a number of impulse purchases that lead to buyer’s remorse.
We agree that more stringent rules are required to combat rising online payment fraud, but we don’t believe that customer satisfaction – and, inevitably, merchant profit – has to be lost because of this.
The recent announcement of the higher €30 threshold should help ease fears of the costs of compliance exceeding the value of goods. Nonetheless, these changes in security mean that risk mitigation will be vital for future success in Europe. Those who recognise and respond to impending opportunities will be able to create a proactive strategy to capitalise on them.
If you’d like to understand how the new regulations will impact your business, contact Global Risk Technologies or our subsidiary Chargebacks911 today to create a comprehensive risk mitigation strategy.