Payments security: do the EBA RTS on strong customer authentication create an open and secure market for retail payments in Europe?

Speakers: Kersemakers Silvia, Brien Pascale-Marie, Hönisch Matthias, Mohan-Satta Emma, König Pascal

We are most pleased to invite you to participate in an evening of discussion on the European Banking Authority’s (EBA) regulatory technical standards (RTS) on strong customer authentication and the creation of an open and secure market for retail payments in Europe with our distinguished speakers:

  • Ms Silvia Kersemakers, European Commission, Retail Financial Services and Payments, DG FISMA;
  • Ms Marie Pascale Brien, Senior Policy Advisor, European Banking Federation;
  • Mr Matthias Hönisch, Head of Card Business Unit, National Federation of Cooperative Banks;
  • Ms Emma Mohan-Satta, Fraud Prevention Consultant, Kaspersky Fraud Prevention.

Ms Emma Mohan-Satta, Kaspersky Fraud Prevention, will give an introductory speech, while Mr Pascal König, Policy Advisor, E-commerce Europe, will also be present for comments.

The debate will be moderated by John Rega, Chief Correspondent, Financial Services at MLex.

About the debate

The European Banking Authority (EBA) published on the 23rd of February its final draft Regulatory Technical Standards (RTS) on strong customer authentication and common and secure communication. These RTS, which were mandated under the revised Payment Services Directive (PSD2) and developed in close cooperation with the European Central Bank (ECB), are meant to lay the first stone for an open and secure market in retail payments in Europe. The final draft RTS are – in the EBA’s own words – “the result of difficult trade-offs between the various, at times competing, objectives of the PSD2, such as enhancing security, facilitating customer convenience, ensuring technology and business-model neutrality, contributing to the integration of the European payment markets, protecting consumers, facilitating innovation, and enhancing competition through new payment initiation and account information services”.

The EBA received hundreds of replies to the two consultations organized on this matter; these may have influenced the introduction of some changes in the final draft RTS. Firstly, there is a new exemption from strong customer authentication based on the level of risk of a payment, applicable to payments of up to 500 euros. However, this exemption can only be used if the payer’s payment service provider (PSP) has an overall fraud rate lower than the reference fraud rate specified in the RTS. This change is likely to be welcomed by the e-commerce industry, where strong customer authentication might generate user friction and therefore cancellations of purchases. An important question, however, is whether one-size-fits-all fraud rates will be usable across different industries, such as e-banking and e-commerce, and whether the same thresholds are appropriate in a B2B context. Furthermore, the EBA has deleted from the final draft RTS its initial requirement to use different channels, devices or mobile applications to initiate and authenticate payments; this seems to make it possible to use a single device, and even a single mobile app, to initiate and authenticate a payment. Also, unattended payment terminals, as well as remote payments up to 30 euros, have been exempted from strong customer authentication.

The EBA has now submitted the final draft RTS to the European Commission for adoption, after which they will be reviewed by the European Parliament and the Council. Overall, transactional risk analysis technology has gained importance in the final draft RTS. However, for this to work, PSPs will need to keep their fraud levels under control in order to meet the reference levels. At the same time, the RTS also provide more flexibility to use mobile apps to authenticate payments. However, PSPs will need to protect these mobile apps against various threats.

This event will be held under the Chatham House Rule. Participants are free to use the information received but neither the identity nor the affiliation of the attendees may be revealed. For this reason, unless explicitly authorised by PubAffairs Bruxelles, the filming and/or the recording of the event by any means are strictly forbidden.

The event will commence with a welcome drink at 7.00 pm, followed by a panel debate at 7.30 pm. After the panel debate there will be an opportunity for questions and discussions.

We look forward to seeing you at 7.00 pm on the 31st of May at Science14 Atrium, rue de la Science 14-B, Brussels.

All our debates are followed by a drink in a convivial atmosphere.
