Visa says E.U.’s strategy to password protect electronic payments may backfire
Visa said that the European Union’s planned strategy for combating fraud by implementing mandatory use of passwords or pin codes to authenticate all electronic transactions over 10 euros ($10.60) could potentially disrupt online shopping and may not boost security, according to a report by Fortune.
The European Banking Authority, the EU’s banking regulator, proposed in August draft technical standards to combat the growing occurrence of cybercrime and online fraud.
“These new proposals threaten to seriously disrupt the way we all shop online,” said Peter Bayley, Visa’s chief risk officer for Europe. “All of this inconvenience comes with no evidence that it will actually reduce fraud.”
Visa said e-commerce could plunge in Europe if these rules were adopted, as online shoppers will be averted by the new technical obstacles and any purchases outside the EU could potentially be blocked.
The credit card giant said payments to vendors outside the EU valued at more than 6 billion euros could be declined by network operators because foreign websites may not factor in the new security standards.
Payments of more 10 euros with apps such as Uber or on websites where shoppers have registered their payment cards would require verification codes.
“The EBA had to make difficult trade-offs between various competing demands,” said a spokesperson for the European Banking Authority. “These include the opposing objectives of achieving a high degree of security in retail payments against customer convenience.”
The EBA is set to make a final proposal at the beginning of 2017 and is considering whether to amend its draft text, said the spokesperson.
The European Commission will have to confirm the new rules, at which point, EU states and European lawmakers will make a final decision. However, they have rarely blocked decisions on standards based on previously agreed legislation.
Previously reported, Visa partnered with BioConnect to demonstrate a multi-factor biometric authentication experience that works across a range of devices and operating systems.