Why risk-based approaches are the solution to electronic payments authentication

Ecommerce Europe is concerned that the proposed one-size-fits-all approach to authentication undertaken by the European Banking Authority won’t help the ongoing fight against online fraud. The European ecommerce association thinks it will only damage the European ecommerce sector and opts for a risk-based approach.

That’s why Ecommerce Europe calls on European legislators to apply pressure for a risk-based approach to electronic payments authentication. The European Banking Authority previously wrote a consultation paper (see story on the EBA’s plans) about how it wants to reduce the risk of fraud.

One of the proposals is to make consumers re-enter their password for online transactions above 10 euros. The European Banking Authority wants stronger customer authentication, but according to Ecommerce Europe it’s better to facilitate and stimulate innovative methods of electronic payments authentication rather than focus on only one method.

It’s statement said, “It is essential for the growth of ecommerce that regulation facilitates and stimulates innovative methods of electronic payments authentication rather than focus on only one method.

“Ecommerce Europe strongly endorses dynamic authentication methods such as risk management and targeted customer authentication methods, which have been proven to provide an equal level of security and payment fraud protection while preserving online merchants’ business models.

“The sector calls on the European Banking Authority (EBA) and European co-legislators to include provisions for dynamic authentication methods to facilitate a balanced approach to payments security and customer convenience in the EBA’s final draft regulatory technical standards.

“As proposed, the technical guidelines could have a damaging impact on investment and the future competitiveness of the European e-commerce sector as they are too restrictive and impose too burdensome procedures on online merchants and customers. If not changed appropriately, they put at risk the future of European ecommerce.”

Marlene ten Ham, Secretary General of Ecommerce Europe, said, “The unique selling point of ecommerce lies in its ability to provide the consumer with fast, convenient and safe methods to shop for any goods and/or services which would usually not be available to them.
“The ecommerce sector is increasingly moving towards providing tailor-made offers and options to customers, and customers in Europe have become used to this high level of convenience. As proposed, the one-size-fits-all approach to Strong Customer Authentication for all transactions above a €10 threshold threatens the intricate balance in checkout convenience, leading to a more cumbersome authentication process and an increase in shopping cart abandonments.”

Ecommerce Europe voiced its strong concerns that the one-size-fits-all approach to authentication undertaken by the European Banking Authority is going to prove inadequate in the ongoing fight against online fraud, thus contradicting the original spirit of the Payments Services Directive 2. As a more static authentication tool than risk-based approaches, Strong Customer Authentication fails to adapt to new and evolving parameters and fraud patterns.

A recent study by the consultancy Clever Advice demonstrates that dynamic authentication measures such as Targeted Authentication provide an equally safe alternative to Strong Customer Authentication. Targeted Authentication requires a level of customer intervention in the electronic payment authentication process that is relevant to the risk associated with each individual transaction.