2nd June 2020

How COVID-19 Has Impacted Online Payments Regulations

A lot has been said and even more has changed since COVID-19 became the new normal. One of the most obvious and consequential changes, has been the digital shift of almost every business, in every possible industry. An online presence is no longer optional, it’s where the game is actually lost or won. In saying that, the importance for a reliable, robust and trustworthy online payments system has suddenly garnered the attention it should have always had. Companies are now beginning to understand that the payment framework for online payments can be the deciding factor between success and failure of the business, playing an instrumental role in the decision-making process of customers. 

Apart from the technical and technological part of the online payment equation, there’s also the legal and regulatory side of things. Here at BigWPay, we frequently get the question of why a business should partner with a third-party vendor to deal with their online payments. Whilst this is an answer that could very well be the subject of an entirely different article, one of the main reasons for choosing an external partner, is not having to deal with the complex and ever-changing regulatory framework around payments. 

Today, we’ll have a look at a great example of that: the impact of COVID-19 on the online payments regulations. Partnering with the right partner means that the information we will relay below, is something your partner will have to worry, deal and adjust to, leaving you to do what you do best – run the business. 

Strong Customer Authentication (SCA) Extension

Europe’s revised Payment Service Directive (PSD2) was put in place prior to the pandemic in order to eclipse credit card information theft and fraud as related to online payments. The revised Directive  includes “strong customer authentication” (SCA) systems to ensure that nobody can use your card to purchase anything. 

The UK’s Financial Conduct Authority (FCA) describes the SCA as “The way your bank or payment services provider verifies your identity or validates a specific payment instruction is changing. These changes are designed to reduce the risk of a fraudster pretending to be you to steal your money.” 

To give you a better idea of what these changes entail, bear in mind that they need to include at least two of the following characteristics: possession, knowledge, or inherence. What does that mean? That authentication will only be successful when the enabler of the transaction will present something they have, such as a mobile phone, something they know, such as a password or PIN, and something they are, such as a fingerprint, or behavioural biometrics.

These changes proposed by the Directive, had an implementation deadline of 14 March 2021. As it was made public by the FCA in a recent statement, due to the Coronavirus pandemic, this deadline is now pushed to 14 September 2021. The initiative was followed by a similar statement from the European Banking Authority (EBA), removing their their National Competent Authority’s obligation to report by 31 March 2020 their readiness to meet the Strong Customer Authentication requirements for e-commerce card-based transactions.

The extension was not welcomed with open arms by everyone. Online payment fraud has been a problem for quite some time and these new measures were seen as a vital step in combating it for quite some time. 

“Online fraud was growing even before COVID-19 and one reason is that most online transactions require only the card number, its expiry date and the three-digit code on the back of the card,” Andrew Canning, a BEUC spokesperson told EURACTIV in a recent interview.

“Banks and payments providers have had more than four years to prepare for these new security standards – consumers cannot wait any longer,” he added.

Where Does That Leave Us? Where Does Online Payment Regulation Go From Here? 

The truth of the matter is that nobody could have foreseen or prepared for the pandemic. What has happened though, has opened the door to problems that we thought we had time to address. What the pandemic achieved was to turn the screw on more permanent and robust solutions to online fraud. 

Regulation has to tackle problems head on and there is no room for tolerance. This seismic shift towards online business and e-commerce means that online payments will become the de facto payment avenue for customers and businesses alike. What’s the solution? All things point to regulation based on biometric authentication. The literature on this new breed of technology has been around for quite some time and those who keep their ear on the ground are well aware that this has been in the works for quite some time now. 

Biometric authentication will blend the human element with online payments and simultaneously elevate the level of security and the customer experience. Whatever the future holds for online payments, make sure to check back on our blog as we will undoubtedly have it covered.