Policy & Regulation

How strong should customer authentication be?

Updated 28 November 2016

On 28 November we were co-signatories to an open letter sent to Commissioner Dombrovskis (the European Commissioner in charge of Financial Services and Financial Stability) setting out the key arguments in favour of retaining a risk-based approach to Strong Customer Authentication.

For more on this issue and how we can fix it, please read our article on Politico by Peter Bayley, our Chief Risk Officer, and find our Position Paper and Response to the EBA’s consultation, Visa Vision blog post and press release below:


Event: September 2016

To discuss the issue of the future of e-commerce in Europe, Visa and thinktank the Center for European Policy Studies (CEPS) brought together a panel of experts and a capacity audience in September 2016. We discussed the proposed new EU rules on electronic payments authentication or, put more simply, how we verify that the person who’s paying is the right person.

The clear consensus from the event was that the proposals of the European Banking Authority (EBA) on strong customer authentication won’t improve consumer security or convenience. The bottom line is that they may hamper the creation of a Digital Single Market in Europe.

Security and Convenience in payments: Can consumers have it all?

Event: Brussels, 10 February, 2016

With the digitisation of payments, new regulatory frameworks are emerging as legislators and regulators balance security with risk and assess the required levels of oversight and control. The European Banking Authority has been asked to develop standards for a consistent framework for all payment providers and users.

The Strong Consumer Authentication event, held in Brussels on 10 Feb 2016 was an opportunity to discuss how this might work.

For an in-depth analysis by Peter Bayley, our Chief Risk Officer, go to Politico.eu, the Brussels-based European edition of the global nonpartisan politics and policy news organisation.


Innovative Payments in the Digital Single Market

Event: 26 May 2015

On 26th May, Visa Europe and MLex hosted an exclusive event examining how innovative payments can support economic growth in the Digital Single Market. Held in the heart of Brussels, a full room enjoyed expert views from retailers, start-ups, media and thought leaders, joined by MEP Eva Paunova and Martin Bailey, acting head of DG Connect Digital Single Market Unit, European Commission.

Watch the Highlights

E-commerce: Security or Inconvenience

Regulation in the fast changing digital world

How can entrepreneurship and innovation be encouraged?

Meet the Experts

MEP Eva Paunova (BG, EPP): Member of IMCO and of the Digital Agenda Intergroup

Martin Bailey: Acting Head of Unit, Digital Single Market, DG Connect

Gary Stewart: Director, Wayra UK

Eva Kaily: Member of the European Parliament, Greece.

Read more about the discussion

During the course of the event, panellists hit on a number of key themes to drive economic growth through payments innovation, showing Visa Europe’s commitment to understanding and developing innovative payments that unlock growth in the Digital Single Market (DSM). Discussion explored the right balance between trust and convenience in e-payments to best serve consumers, what real innovation looks and feels like and how regulation can help innovation and entrepreneurship to flourish.

Whilst trust is fundamental, innovation to create an improved consumer experience is the driving force behind digital growth. This is because innovation’s primary purpose must be to create a product that people love and want to use, something ‘sticky’, as described by Gary Stewart from Wayra, Telefonica’s start-up accelerator.

Disruptive innovation changing markets, panellists discussed seeking regulatory innovation to cause positive disruption in how we govern markets. Something everyone is interested in, because of the speed and scale of digital change. It was really exciting to hear industry and regulators exploring together what smarter regulation looks like, not least assessing how more co-regulation and self-regulation can play a role in ensuring new regulation only intervenes where there are blockages to innovation.

At Visa Europe, we are committed to the journey and will continue to drive collaboration from the heart of industry, to help understand change and develop digital solutions to everyday life that can create growth across the Digital Single Market.

News coverage of Visa Europe's stance on EU legislation

A 5-part series published in the European Voice looks at the European Commission’s proposals to revise the Payments Services Directive (PSD2) and a Regulation on Interchange Fees for card-based transactions (IFR). They also reflect the findings from research conducted by Ipsos MORI in September 2014 amongst consumers and retailers in Italy, Germany and Belgium. The results reveal potential unintended consequences the proposals will have if adopted in their current form.

In an exclusive interview with viEUws, Peter Møller Jensen – Director EU and Government Relations/Regulatory Affairs at Visa Europe – discussed the impact of European Union legislation regulating card fees with MLex correspondent John Rega.

Visa is constantly working at the forefront of technology to introduce new, easier, and more secure payment options for our customers and their customers across Europe.

Our products, services, and innovations meet the specific needs of our stakeholders – that’s European payment service providers, retailers, businesses, and consumers. In particular, we’re working with our European customers to create a larger, more open, dynamic, and competitive electronic payments market.

Europe's payment providers have traditionally operated a patchwork of distinct national payment infrastructures. However, it is universally accepted that everyone – payment providers, retailers, businesses, and cardholders – would benefit from a more open and consistent European payments market.

Creating an Internal Market for payments has and continues to be been an objective of the European Union. To meet this objective, it has introduced various initiatives throughout the years and most recently the Interchange Fee Regulation and revised Payment Services Directive (PSD2).

Visa supports the efforts to develop an integrated European payment market that fosters competition, innovation and security and brings benefits to all stakeholders, especially consumers.

About Interchange Fee Regulation

On 24 July 2013 the European Commission published a proposal for a regulation on interchange fees for card-based payment transactions. The Interchange Fee Regulation (IFR) was published in the European Union’s Official Journal on 19 May 2015 and entered into force on 8 June 2015. The Regulation introduces caps on interchange fees for debit and credit transactions as well as business rules and transparency requirements.

The provisions of the IFR had different dates of effect:

The following provisions applied as of 9 December 2015:

  • Article 3 (Interchange fees for consumer debit card transactions)
  • Article 4 (Interchange fees for consumer credit card transactions)
  • Article 6 (Licensing)
  • Article 12 (information to the payee on individual card-based payment transactions)

The following provisions applied as of 9 June 2016:

  • Article 7 (Separation of payment card scheme and processing entities)
  • Article 8 (Co-badging and choice of payment brand or payment application)
  • Article 9 (Unblending)
  • Article 10 (‘Honour All Cards’ rule)

Download the full text of the Regulation here.

About PSD2

On 24 July 2013 the European Commission published a proposal for the revision of the Payment Services Directive (PSD2). The PSD2 was published in the European Union’s Official Journal on 23 December 2015 and entered into force on 12 January 2016. Member States will have until 13 January 2018 to transpose it into national laws.

The objectives of the revised Payment Services Directive (PSD2) include creating more competition, increasing consumer protection and security and promoting innovation.

Some of the key changes may be found below:

  • Rules on access to payment account in the case of payment initiation services (Article 66)
  • Rules on access to and use of payment account information in the case of account information services (Article 67)
  • Ban on surcharging for regulated transactions under the IFR (Article 62(4))
  • Rules for Payment transactions where the transaction amount is not known in advance (Article 75)
  • Obligation to perform “Strong Customer Authentication“ (SCA) for all electronic payment transactions (Article 97)

Download the full text of the Regulation here.

About SEPA

The Single Euro Payments Area (SEPA) is an initiative that was launched by the European banking and payments industry (supported by the European Commission, Member State Governments, the Eurosystem, etc) to harmonise retail payments in euro. Within SEPA, consumers and businesses will be able to make euro payments across the entire SEPA area, under the same rules and conditions, regardless of their location. The SEPA Scheme Countries include the EEA countries and their outermost regions, Switzerland, Monaco and San Marino. The British Crown Dependencies of Guernsey, Jersey and Isle of Man have become part of the geographical scope of the SEPA Schemes with effect from 1 May 2016.

Find further information about what SEPA is here.

In 2009 the Card Stakeholder Group (CSG), a multi-stakeholder body representing retailers, vendors, processors, card schemes and the European Payments Council, was established to to support and promote European card standardisation with market-driven implementation. CSG develops and maintains the SEPA Cards Standardisation Volume (the SCS Volume). This document defines a standard set of requirements to enable an interoperable and scalable card and terminal infrastructure across SEPA, based on open and free standards. The CSG is currently in the process of being established as a legal entity and will be renamed as the European Card Stakeholder Group (ECSG).

Read the SCS Volume.

In February 2012 the SEPA Regulation was adopted with the objective to establish a true European Single Market for retail payments. The Regulation includes technical and business requirements for credit transfers and direct debits in euro, amending Regulation (EC) No 924/2009' (the SEPA Regulation). The original migration date of 1 February 2014 was amended to 1 August 2014. In non-euro countries, the deadline is set for 31 October 2016.

Read the full text of the Regulation here.

Other relevant EU Legislation

Relevant proposals currently under the EU legislative procedure

Online payments authentication: a risk based approach strikes the right balance between security and convenience

The Revised Payments Directive (PSD2) requires all payment providers to provide strong authentication for electronic payments and has called upon the European Banking Authority (EBA) to develop a definitive set of Regulatory Technical Standards to govern its use

Visa believes that a risk based authentication model provides the ideal balance between security and convenience and should be the cornerstone of the regulatory technical standards which the EBA has been asked to establish

Unblocking e-commerce

The European Commission has unveiled proposals to address geo-blocking, with measures to remove unjustified barriers to online cross-border trade. Tackling unjustified geo-blocking will help consumers across the EU to reap the benefits of e-commerce.