Out-Law Analysis | 05 Jun 2019 | 9:52 am | 2 min. read
Banks, fintechs and retailers are wrestling with the technical challenge of payment security standards as EU deadlines approach but, whilst compliance is the immediate priority and threat to transactions, those businesses must also look towards the longer term opportunities likely to arise from the wider push to open up access to data.
Insight into the progress being made towards a fully functioning open banking system in Europe was provided to delegates at the Money20/20 Europe 2019 conference in Amsterdam on Tuesday. Issues presented by artificial intelligence had dominated discussion on Monday.
As of 14 September, new strong customer authentication (SCA) requirements will apply to many payment transactions in Europe and necessitate a rethink of payment processes and technology by businesses impacted by the reforms.
... as many as 25 or 30% of e-commerce transactions could be declined in the immediate aftermath of the switch to SCA
The risks of failing to prepare properly for the approaching deadline are stark. Research discussed at Money20/20 that was commissioned by Stripe suggests that up to €57 billion of sales are at risk in the first year that the SCA rules apply. The study found that many businesses are unprepared for the forthcoming changes. Other industry figures are predicting as many as 25 or 30% of e-commerce transactions could be declined in the immediate aftermath of the switch to SCA.
It is clear there is a commercial imperative to expedite preparations for SCA and to seek some wriggle room from regulators. There’s no chance of legislative changes coming through ahead of the 14 September deadline, but regulators could agree to not enforce the rules for a transitional period – some have called for this to be as long as 18 to 24 months. Payments Compliance reported earlier this week that the UK's Financial Conduct Authority (FCA) is sympathetic to the idea of a transition period.
The SCA requirements are designed to address fraud risk and increase consumer confidence, particularly in parts of the EU where e-commerce is small, but for markets like the UK it is questionable whether this intervention is needed and may do more harm than good, reducing competition and innovation. For that reason the UK chose not to implement earlier versions of the rules set by the European Banking Authority; only a handful of countries did, but now all are compelled to do so.
... even the most seamless means of completing transactions currently, contactless payments, will be disrupted
Outside of e-commerce, for banks and fintechs seeking to deliver new payment services on the basis of the data access being enabled through PSD2 and open banking, their priority is in gathering as much information as possible about the technical solutions being developed by those that hold the data and testing the interaction of those APIs with their own systems to make sure that their services remain live without terrible user experiences.
Yet there is no escaping the real impact the new rules will have on the customer experience – even the most seamless means of completing transactions currently, contactless payments, will be disrupted as banks implement requirements to authenticate the identity of the payer in cases where certain financial thresholds are triggered.
Beyond the immediate technical challenges of today, though, are real opportunities for banks and fintechs to position themselves at the heart of a growing data decentralisation.
In future, we can expect the liberation of more data across other sectors and regions – the introduction of a consumer data right in Australia is an example of this. There should be a real push to ensure alignment of the standards developed in the context of open banking with those that might apply in other industries. This would open up commercial opportunities for banks and fintechs to provide new products and services using the broader datasets that will become available. This can be characterised as a medium-to-long term objective for industry and standard-setters globally.
Angus McFadyen and Luke Scanlon are experts in financial services and technology law at Pinsent Masons. Pinsent Masons is a sponsor of the Money20/20 Europe 2019 conference in Amsterdam, Europe's largest fintech event.
04 Jun 2019