Postponing higher security standards for electronic payments is unacceptable

PRESS RELEASE - 25.09.2019

Two influential banking and retail payments lobby groups [1] have asked for lengthy delays to the introduction of new security standards that would make online banking and payments safer.


These standards [2] should already have entered into force on 14 September across the EU, but the European Banking Authority opened the door to delaying them earlier this year. It will decide on the length of the delay in the coming weeks.

At a time when online card fraud is growing year-on-year [3], these improved security standards are essential to make the online environment safer for consumers.

For The European Consumer Organisation (BEUC), it is inconceivable that banking groups who have known about these new rules since 2015 are given a lengthy delay. We also want banks and payment service providers to properly inform consumers of the changes that will occur, as consumer awareness of the new rules is currently very low.   

Monique Goyens, Director General of The European Consumer Organisation (BEUC), said:

“Most transactions online still require just the card number, its expiry date and a 3-digit code on the back of the card. That is an invitation to fraud. The figures speak for themselves: online card fraud is growing year-on-year and it’s not like we can’t do anything about it. The banks and other payment service providers have had 4 years to prepare for these new security standards, so it is shocking that they are instead asking for derogations as long as 18-36 months!

“Some banks are already applying the new standards. There is therefore no reason to give lengthy derogations to other banks which didn’t get their house in order [4].”


[1] The lobby groups in question are the (EBF) and the . The latter’s members include Amazon Payments, PayPal or American Express. The signatories to the EPIF letter include Ecommerce Europe, Visa and Mastercard.

[2] These standards are part of the revised Payment Services Directive (PSD2).

[3] See European Central Bank, (2018) chart 1a.

[4] Barclaycard has already signalled that it has implemented the new rules and not noticed an impact on transactions .