Delay looming for new security standards of online card payments, but shorter than feared

BEUC NEWS - 22.10.2019

The European Banking Authority (EBA) is accepting a delay to the application of new security standards for online card payments until December 2020. Fraud for online card payments is increasing year-on-year [1] and new standards are urgently needed. The new rules should have applied as of last month, but banks, payment providers and online merchants in some countries had asked for lengthy delays of up to 3 years because they were not ready [2].

 

The delay called for by the EBA is 16 months, which represents a shorter delay than the lengthy delays some industry groups had asked for. The EBA also calls for banks and payment providers to put in place campaigns to inform consumers of the changes related to the new rules. Consumers are mostly unaware of what may be required of them with the changing of the rules.

The new security standards are part of a directive approved in 2015 (Payment Services Directive 2). Online card payments above €30 would require consumers to provide at least two of the 3 following criteria: something he has (for example the card) something he knows (for example a PIN code) and something about himself (for example a fingerprint). This is expected to decrease fraud for online card payments in the future.

During this transition period, the EBA stresses that consumers will not bear any liability for transactions they did not authorise in which merchants did not apply the new security standards. 

[1] See European Central Bank, Fifth report on card fraud (2018) chart 1a.

[2] See public documents from the European Banking Federation (EBF) and the European Payment Institutions Federation.