Although Internet technologies have radically changed the landscape for certain industries, including publishing, entertainment and telecommunications, the payments sector is still standing on the brink of its own revolution.
Europe is home to many companies that are world leaders in electronic transaction technologies, such as chip-and-pin bank cards and chip-enabled point-of-sale terminals. These technologies, recently adopted by the United States for all American bank cards, had the benefit of one essential and significant supporting factor: an internal European market that was not fragmented.
The upsurge in online payments poses a real challenge for the industry. Bank cards were not designed for distance payments (the chip can’t be used, the plastic card itself disappears in an electronic wallet or mobile phone).
It is essential for Europe to provide an environment where new payment technologies can flourish. Whereas today, the distance payments landscape in Europe is very fragmented. There is no common definition of “electronic consent” by a consumer for a distance payment. According to European Regulation No. 260/2012 the merchant’s Payment Services Provider is responsible for ensuring that the payer gives consent in the form of a mandate. The regulation refers to Directive 2007/64/EC, in which member States inform users of the form of consent and the procedure to follow when giving consent. To our knowledge, there is no text that precisely describes what constitutes valid consent. In some countries, written consent is required, in others checking a checkbox will suffice, and in others there is no validation of any kind. How can we hope to create a single market when German and Italian consumers have completely different user experiences?
The recent European regulation on cross-border recognition of electronic signatures is a step in the right direction, but it still falls short of creating a true European market. The regulation focuses primarily on pan-European recognition of the signature for public procurement. The ECB issued recommendations for security of distance payments, which must be implemented by February 1st, 2015. It specifically recommended using “strong customer authentication” (such as sending a single-use code by SMS) for all distance payments. But these are only recommendations, which have no force of law at the present time.
The same holds true for use of personal data for payments. In some countries, it is much easier to use “scoring” technologies than in others, like France. These technologies reduce merchants’ non-payment risks, thus allowing them to lower their prices, as well as to offer customers a much smoother purchasing experience.
The positions of each of the Member States with regard to electronic signatures and access to personal data are all perfectly legitimate. For the most part, they are the product of social and historical contexts that are difficult to ignore. But if we don’t manage to create a common space for virtual payments in Europe, foreign players outside of Europe, or those that have established a presence in the most open European countries, will take advantage of our inconsistency.
Although the payment methods we are using today are still, for the most part, the same ones we were using 20 years ago, it is certain that ten years from now they will be completely different. The challenge we all face is to ensure that Europe retains its position, or even improves it, when it comes to perfecting innovative payment technologies.
European Regulation No. 260/2012 – Art 5(3)(a)(ii)
European Regulation No. 260/2012 – Art 2(25)
Directive 2007/64/EC (“DSP1”) – Art 42(2)(c) Member States are responsible for ensuring that the following information and conditions be provided to the payment service user: (…) the form of and procedure for giving consent to execute a payment transaction and withdrawal of such consent.
Legislative procedure 2012/0146(COD), final approved document P7_TA(2014)0282
Recommendations for the security of internet payments – ECB – January 2013.