Twenty-seven e-commerce companies and lobby groups have asked the European Commission to change a draft proposal to regulate payment services, arguing that additional security measures will drive shoppers away from online platforms.
The Commission wants to cut down on online fraud by requiring consumers to use card authentication measures like reader devices, to scan their fingerprints or use other biometric checks for purchases that cost at least €30.
Higher value purchases are considered riskier. That means consumers will need to take an extra step to authenticate each purchase before it’s approved.
The EU executive is still finishing its draft of the proposal and will send it to MEPs and diplomats from national governments within the next few weeks, using a fast-track legal procedure known as an “implementing act”. MEPs and member states can either approve or reject the text within three months of receiving it, but cannot make changes to it.
The EU executive has argued that people will be more likely to shop online if they know it is safe. But e-commerce firms claim the legislation will have the opposite effect.
“Any extra click required to confirm a purchase can discourage the consumer from finalising the purchase. This hurts both EU consumers and traders,” the industry groups wrote in a letter sent on Monday (27 September) to Commission President Jean-Claude Juncker and eight other EU Commissioners, including Vice-President Valdis Dombrovskis, who is overseeing the draft legislation on payment services.
The letter, obtained by EURACTIV, was signed by DigitalEurope, a lobby group that represents Google and other big tech firms, as well as E-commerce Europe, an association representing Amazon, and EDiMA, which represents online platforms like Airbnb, along with 24 other companies and associations.
The guidelines risk “creating legal uncertainty for European sellers and traders. This could restrict their ability to offer products and services to customers across the European Union,” the letter says.
Some online payments can be exempt from the security rules if companies produce an analysis that proves they are low-risk. The tech firms asked the Commission to allow exemptions based on e-commerce retailers’ own fraud assessments, and not only on banks and online payment providers’ analyses.
A Commission official confirmed on Monday that the EU executive had received the letter. Commission staff involved in drafting the new legislation will meet with MEPs on Wednesday (27 September).
The Commission is not planning to change measures in the current draft that apply security measures to online purchases, EURACTIV understands.
According to a 2016 Eurostat survey, 68% of people in Europe had no difficulties shopping online. Only 3% of shoppers had experienced fraud in the previous year, meaning they did not receive what they bought or their credit card details were misused.
Fraud rates vary between EU countries: France had the bloc’s highest record of payment card fraud in 2013, at .07% of total transactions from French cards. That was more than 10 times the amount of fraud recorded in Hungary, Romania, Lithuania and Poland, figures from the European Central Bank show.
The Commission proposal outlines standards based on suggestions from the European Banking Authority. The proposal is supposed to tack on another legal measure to the so-called second EU payment services directive, or PSD2, which was approved in 2015.
Markus Ferber, the centre-right German MEP who is in charge of negotiations over the bill in the European Parliament, said changes to the latest version of the draft standards to make the rules apply to purchases of €30 or more will “limit the impact on online shopping”.
An earlier version suggested that purchases of at least €10 fall under the rules. The latest draft proposing secure payment authentication for higher value purchases will affect fewer online purchases.
“Especially when it comes to high transaction values, I do not think that consumers would mind an extra layer of security,” Ferber told EURACTIV.
Ferber’s office has received several complaints each week about the controversial draft guidelines as MEPs and industry groups await the Commission’s final proposal.
In addition to the security authentication measures, banks and online payment providers have also lobbied to change measures in the proposal that regulate how third-party services like Germany’s Sofort Überweisung or IDeal in the Netherlands can act as intermediaries and access customers’ bank accounts. Online payment providers have pushed for more access to bank account data.