Visa has warned that new European rules on e-commerce threaten to seriously disrupt online shopping and cause inconvenience for consumers.
The European Banking Authority (EBA) has brought forward proposals for how it will implement what is called strong customer authentication (SCA). The plans include a “one size fits all” approach where every online transaction over €10 will require additional steps at checkout such as entering passwords, codes or using a card reader.
Independent consumer research carried out in five European countries[1] on behalf of Visa, highlighted that 95% of European consumers spend over €10 when shopping online, meaning that these measures would affect millions of shoppers.
These steps would be felt most strongly in the UK, however, as UK consumers are the most prolific online shoppers of those markets surveyed – 63% regularly shop online, compared with the European average of 51%.
For UK online shoppers, the changes are likely to lead to more frustration and more cart abandonment. In fact, the survey found that over half (52%) of consumers would abandon purchases if more steps were added to the checkout.
In practical terms, the proposals would mean:
- No more express online checkouts for consumers. This includes one-click checkouts even at stores where consumers shop regularly, and no more fast, automatic in-app payments where cards are already stored. Across Europe, express online checkouts currently make up half of all today’s total e-commerce sales, according to Visa’s data.
- Reduced access to online shopping outside Europe. The proposals mean that international websites selling to UK or European consumers will have to follow the new European rules or purchases will be automatically declined. This will impact 50% of UK shoppers who shop online from retailers outside the EU, according to the survey.
Across Europe, the changes will potentially impact approximately €6bn of transactions, according to Visa’s data.
- Longer queues and issues using cards at places like toll booths and parking where PINs are not required today.
Peter Bayley, Chief Risk Officer, Europe at Visa, said: “These new proposals threaten to seriously disrupt the way we all shop. The plans will bring a host of complications and inconveniences including more declined transactions and longer and more complicated checkout experiences with little if any benefit to consumers.
“Managing payments is always about balancing security and convenience. If you tip the balance too far one way, you end up making it either too difficult or too risky for consumers to make purchases wherever, whenever and on whatever device they want. Either way it annoys consumers and damages businesses’ potential to sell their goods and services.
“E-commerce has been a European success story in a time of weak overall economic growth but this initiative threatens to slow that growth and reduce the competitiveness of European businesses against competitors from other parts of the globe.”
The EBA will publish its final proposed standards on 12 January 2017. These standards are in response to the requirements of the Payment Services Directive (PSD2) which mandates SCA for all electronic payments.
Peter Bayley added: “All of this inconvenience comes with no evidence that it will actually reduce fraud. We have a system today that works, what we call risk-based authentication. This enables intelligent decisions about whether a particular purchase is low risk taking into account things like the device that’s being used and previous shopping patterns.
“Fraud on Visa cards today is low, tracking at less than 5 cents in every €100 spent. And consumers are protected from fraud losses anyway – all the risk is taken by the merchants and banks. They are prepared to accept that risk to give a seamless experience to their customers as they know this makes sales more likely and it’s what people now expect.”
Robert Capps, VP of business development at NuData Security, said “We’d tend to support Visa’s stance on this issue in several ways. While it may seem that adding more identity tests to the transaction stream should make the transaction more secure, this isn’t necessarily true. If the test is vulnerable to impersonation, as we see with physical biometrics, or is as vulnerable as passwords, no number of additional touchpoints will make the transaction more secure.
The larger point here, however, is that adding friction to the transaction stream will absolutely result in increased cart abandonment rates and reverses a trend toward less friction that we have been striving for. Given that the typical abandonment rate swings between 60 and 80 percent and this is so well-known there is even a WiKi for it, it seems highly punitive to enforce regulations that will further impact retailer’s bottom line. Ultimately, as these things almost always do, merchants will pass the pain down to consumers. Yes, consumers, who have already been forced to bear the brunt of security tests, false positives and false declines due to bolt-on security systems that can’t be engineered fast-enough or well-enough to take customer experience into the equation.
Adding this type of friction, especially automatic declines, will indeed see major disruptions in how we all shop, particularly if similar regulations are adopted elsewhere. The key is to find that balance between security and customer experience. Stray one way or the other and you’ve got revenue losses in the form of fraud or revenue loss in the form of customer unhappiness.
We work with many banks and merchants who, like us, want to provide customers with friction-free experiences. We do that through passive biometrics and behavioural analytics that enable banks and merchants to understand who their good customers are over the entire account lifecycle by using dynamic multi-layered behavioural data collected and analysed in real time as a consumer transacts. Given our success in determining who is a good user and who is not, plus what is good automation and what is not, we’re able to offer merchants and banks the unheard-of option in a security solution to provide premium customers with premium green-path experiences.”
[1] Populus interviewed 5,136 adults 18+ in the UK (1,096), France (1,011),Germany (1,004), Italy (1,016) and Spain (1,009) online between 2nd and 7th November 2016