The European Banking Authority favours arbitrary box-ticking over data innovation

Written by FinTech Futures
3rd February 2017

Nick Wallace, Centre for Data Innovation: The EBA proposal is harmful to the economy

The European Banking Authority (EBA) recently proposed new rules that would require payment card operators to enforce additional security measures, such as passwords or security tokens, for all online transactions over €10.

Aimed at fraud prevention, these proposed rules mean that unless customers add vendors to pre-approved lists held by their card providers – and re-authorise them with the extra security measures every month – “one-click” transactions would become impossible.

This would affect not only online shopping sites like Amazon and Otto, but also services like Uber and Deliveroo that use in-app payments.

While fraud prevention is important, data-driven approaches offer far more sophisticated measures to address this goal. Rather than require card providers to use specific security measures, the EBA should allow banks to choose between different methods that combat fraud without creating unnecessary burdens on consumers – especially because the vast majority of online shopping transactions would be subject to the new rules since, according to Visa, 95% of online transactions in the European Union are over €10.

There are three main issues with these rules:

1. They are unnecessary. Banks and credit card companies have both better tools and the incentive to prevent fraud because they often have to cover the cost of it. This is why most already require additional security steps like the rules proposed for many online transactions. But not all do it every time, because there are other anti-fraud tools that minimise unnecessary hassle for the customer.

2. There are more sophisticated methods for preventing fraud. Many companies are using their ability to analyse massive volumes of data to identify fraudulent activity. For example, banks and card companies often monitor payment activity and gather data from merchants to determine when further checks are appropriate. Ride sharing companies, meanwhile, can analyse data such as location information and transactions details to assess whether a rider is using a stolen credit card.

3. They are inconvenient for consumers. For example, the EBA proposal has an exemption for payments that are of the same amount each time. But this does not lessen the burden for a consumer who consistently uses their bankcard to pay off their credit card each month, where it would be overkill to re-authorise the payment each time, even though the amount varies. A better option might be for companies to use machine learning to identify out of the ordinary transactions, such as using the card for a new online shopping account, a new delivery address, or from a foreign IP address. By using data to recognise patterns, the company can identify when it may be worth having some extra check and save the consumer the hassle of reauthorising the same payment each month.

The proposal is not only needless though; it is also harmful to the economy.

Punching codes into card readers and relaying the codes they produce is time consuming, security tokens get lost, and passwords are often forgotten. Customers are often unable to complete legitimate transactions, or give up because they cannot be bothered with the hassle. This cannot be helped when the possibility of fraud is sufficient to necessitate additional checks, but the proposed rules will reduce legitimate commerce for no reason at all.

Companies whose business it is to handle payments are better placed than regulators with limited experience in product design to decide the trade-off between security and ease of use – because it is profitable for these firms to maximise both.

The measures would seriously undermine many app-based services, like Uber and Deliveroo: how many customers will want to type out passwords or codes when they are trying to get a ride home on a cold night after a few drinks? Fingerprint scanners or facial recognition may suffice for those with phones that support these features, but that still leaves out many others. Of course, many governments have sought to protect the taxi industry by restricting or even banning Uber, so there will be some who will welcome this pernicious detail.

Payment cards, mobile, and other electronic transactions are convenient and efficient for both customers and vendors. E-commerce contributes hundreds of billions of euros to the European economy, and the European Commission estimates that the lower prices and wider choice it brings save consumers €11.7 billion per year.

Forcing people to jump through unnecessary hoops will only diminish these benefits, infuriate customers, and hurt businesses.

When it comes to cybersecurity, the banking industry is already well ahead of policymakers. The regulator is pushing a clumsy solution to a problem that is already being addressed by far more sophisticated means. Policymakers should reject the EBA’s proposal.

Nick Wallace, senior policy analyst at data policy think-tank Centre for Data Innovation

Fintech Jobs

Intesa Sanpaolo is the eurozone’s leading bank for shareholder value creation

20th November 2024

Analysis

The European Banking Authority favours arbitrary box-ticking over data innovation

READ NEXT

Leave a comment Cancel reply

Fintech Jobs

Related Content

Top stories

The hottest news this week

Media Packs

FinTech Futures Media Pack

FinTech Futures Sibos Media Pack

Webinar | 27 November 2024 | EMEA fintechs: unlock innovation with generative AI with AWS and NVIDIA

Webinar | 28 November 2024 | AI in financial services: Navigating the evolving regulatory landscape

Research report: Revenue enablement in financial services – 2024 global findings & insights

White paper: How AI is propelling innovation in financial services

Global survey report: Privacy in practice 2024

White paper: Cyberattacks in the financial services industry

E-book: The promise and peril of the AI revolution – managing risk

Report: It’s prime time for real-time 2024 – real-time payments adoption and growth around the globe

Banking Technology Magazine November 2024 issue out now

Upcoming events

Banking Tech Awards 2024

PayTech Awards USA 2024

Banking Tech Insights

What the FinTech? | S.5 Episode 21 | Taking open banking payments mainstream

Demystify Podcast: Demystifying legacy modernisation with Irene Sandler, CMO of Mechanical Orchard

What the FinTech? | S.5 Episode 20 | The future of fraud prevention – live at Money20/20 USA

What the FinTech? | S.5 Episode 19 | Driving growth and customer satisfaction in digital banking

Video: Experian at Money20/20 USA 2024 – Combining GenAI and rich data to drive innovation

Video: WorkWave at Money20/20 USA 2024 – Driving growth for field services companies

Video: Codat at Money20/20 USA 2024 – Innovation in B2B payments

Video: Form3 at Money20/20 USA 2024 – The evolution of instant payments

Video: DailyPay at Money20/20 USA 2024 – The growing demand for earned wage access

Sibos 2024 Content Hub – news and coverage from Beijing

Content Hub: Banking Tech Awards 2023 winners

FinTech Founders Video Series: how to build and run a start-up

V INVESTOR ALERT: Robbins Geller Rudman & Dowd LLP Announces that Visa Inc. Investors with Substantial Losses Have Opportunity to Lead the Visa Class Action Lawsuit

Coverdash Partners With LendingTree to Launch Its First-Ever Insurance Offering for Startups and SMBs

iCapital® Expands Model Portfolio Suite to Provide Exposure to Fast-Growing Private Companies

CSI Customer Consumers National Bank Celebrates 377% Growth Over 16-Year Partnership, Breaks Ground on 22nd Branch

Telness Tech partners with Lebara to Launch New Mobile Operator in Nigeria

Intuit Launches AI-Powered Intuit Assist for QuickBooks, Giving Millions of Businesses a Competitive Edge

Intesa Sanpaolo is the eurozone’s leading bank for shareholder value creation

Sensedia’s Open Finance Platform Recognized as API Specialist by Altitude Consulting