Recent and ongoing European regulatory changes will have a significant impact on the global payments landscape. Mohamed Dabo reports

Payment companies can benefit from proactively tracking and monitoring regulatory developments in Europe and understanding their independent and combined impact on the business.

Europe has long spearheaded change for much of the payments industry. From instituting tighter interchange rules to accelerating cross-border payments to implementing new customer data protections, regulators in the EU have set the pace for much of the world.

The impact of these initiatives— aimed at unifying the continent and setting the stage for open banking— continues to play out, dominating concerns for that region’s issuers, acquirers, merchants, consumers and others.

And like previous moves, much of what Europe is currently pursuing could make its way to the rest of the world.

“I definitely think we inspire other markets,” said Andrea Dunlop, Chairwoman of the Emerging Payments Association. “A lot of people look at what we do in the UK and Europe as a reference point.

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

View profiles in store

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData

Submit

UK USA Afghanistan Åland Islands Albania Algeria American Samoa Andorra Angola Anguilla Antarctica Antigua and Barbuda Argentina Armenia Aruba Australia Austria Azerbaijan Bahamas Bahrain Bangladesh Barbados Belarus Belgium Belize Benin Bermuda Bhutan Bolivia Bonaire, Sint Eustatius and Saba Bosnia and Herzegovina Botswana Bouvet Island Brazil British Indian Ocean Territory Brunei Darussalam Bulgaria Burkina Faso Burundi Cambodia Cameroon Canada Cape Verde Cayman Islands Central African Republic Chad Chile China Christmas Island Cocos Islands Colombia Comoros Congo Democratic Republic of the Congo Cook Islands Costa Rica Côte d"Ivoire Croatia Cuba Curaçao Cyprus Czech Republic Denmark Djibouti Dominica Dominican Republic Ecuador Egypt El Salvador Equatorial Guinea Eritrea Estonia Ethiopia Falkland Islands Faroe Islands Fiji Finland France French Guiana French Polynesia French Southern Territories Gabon Gambia Georgia Germany Ghana Gibraltar Greece Greenland Grenada Guadeloupe Guam Guatemala Guernsey Guinea Guinea-Bissau Guyana Haiti Heard Island and McDonald Islands Holy See Honduras Hong Kong Hungary Iceland India Indonesia Iran Iraq Ireland Isle of Man Israel Italy Jamaica Japan Jersey Jordan Kazakhstan Kenya Kiribati North Korea South Korea Kuwait Kyrgyzstan Lao Latvia Lebanon Lesotho Liberia Libyan Arab Jamahiriya Liechtenstein Lithuania Luxembourg Macao Macedonia, The Former Yugoslav Republic of Madagascar Malawi Malaysia Maldives Mali Malta Marshall Islands Martinique Mauritania Mauritius Mayotte Mexico Micronesia Moldova Monaco Mongolia Montenegro Montserrat Morocco Mozambique Myanmar Namibia Nauru Nepal Netherlands New Caledonia New Zealand Nicaragua Niger Nigeria Niue Norfolk Island Northern Mariana Islands Norway Oman Pakistan Palau Palestinian Territory Panama Papua New Guinea Paraguay Peru Philippines Pitcairn Poland Portugal Puerto Rico Qatar Réunion Romania Russian Federation Rwanda Saint Helena, Ascension and Tristan da Cunha Saint Kitts and Nevis Saint Lucia Saint Pierre and Miquelon Saint Vincent and The Grenadines Samoa San Marino Sao Tome and Principe Saudi Arabia Senegal Serbia Seychelles Sierra Leone Singapore Slovakia Slovenia Solomon Islands Somalia South Africa South Georgia and The South Sandwich Islands Spain Sri Lanka Sudan Suriname Svalbard and Jan Mayen Swaziland Sweden Switzerland Syrian Arab Republic Taiwan Tajikistan Tanzania Thailand Timor-Leste Togo Tokelau Tonga Trinidad and Tobago Tunisia Turkey Turkmenistan Turks and Caicos Islands Tuvalu Uganda Ukraine United Arab Emirates US Minor Outlying Islands Uruguay Uzbekistan Vanuatu Venezuela Vietnam British Virgin Islands US Virgin Islands Wallis and Futuna Western Sahara Yemen Zambia Zimbabwe Kosovo

Industry * Academia & Education Aerospace, Defense & Security Agriculture Asset Management Automotive Banking & Payments Chemicals Construction Consumer Foodservice Government, trade bodies and NGOs Health & Fitness Hospitals & Healthcare HR, Staffing & Recruitment Insurance Investment Banking Legal Services Management Consulting Marketing & Advertising Media & Publishing Medical Devices Mining Oil & Gas Packaging Pharmaceuticals Power & Utilities Private Equity Real Estate Retail Sport Technology Telecom Transportation & Logistics Travel, Tourism & Hospitality Venture Capital

Tick here to opt out of curated industry news, reports, and event updates from Electronic Payments International.

Submit and download

Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

They take the lessons learned from some of the things they see here and, hopefully, refine it better for their markets.”

Making cross-border payments easy, efficient, and secure

Payment Services Directive was issued with the intention of making cross-border payments as easy

For more than 20 years, EU officials have sought to unify the monetary system throughout its now-27 member countries through a series of industry-changing guidelines.

With an initiative that began in 1999, European officials implemented the Single Euro Payments Area in 2008 to create a seamless market for cross-border payments and bank transfers in euros.

As part of that effort, the first Payment Services Directive was issued with the intention of making “cross-border payments as easy, efficient and secure as ‘national’ payments within a Member State,” according to the European Commission.

Regulators later turned their attention to the interchange fees charged to merchants. With the Interchange Fees Regulation (IFR) in 2015, officials pushed the industry to cap various fees for card usage and provide more transparency.

Most recently, regulators extended those caps to interregional fees (applied to foreign travellers visiting Europe)—limits applied specifically to Visa and Mastercard that were voluntarily adopted by Discover.

Today, the most pressing regulatory issues for the industry in this market of more than 500 million people (including the UK) have been:

• The General Data Protection Regulation (GDPR). Implemented in 2018, GDPR, intended to deal with internet-based entities, affects “every company that uses the personal data of individuals in EU member states no matter where that personal data is acquired, processed, or used.” Primarily aimed at bolstering data protection and privacy, while harmonizing EU members’ data privacy laws, noncompliance brought steep financial penalties.

• The revised Payment Services Directive (PSD2). This updated directive, which took full effect in 2019, was aimed at the payments vertical, partly driven by increased fraud for online payments, the rise of new payment players, and the arrival of application programming interfaces (APIs). Requiring payment service providers (PSPs) to obtain a payment license from a member country, the impact of the directive is expected to increase competition and open banking by bringing non-banking institutions more fully into the payments market.

• Strong Customer Authentication (SCA), issued as part of PSD2, is arguably the most pressing and challenging aspect of PSD2. Originally slated to go into effect in 2019, it was delayed after facing pushback from the financial services industry and merchants. The recent impact of COVID-19 has further increased the pressure for delay. SCA is currently targeted for implementation in the UK in September 2021, and while the EU previously delayed it to the end of 2020, many expect an additional extension to be granted.

SCA Dominates the Landscape

By far, the SCA component of PSD2 is seen as the biggest current hurdle for merchants and the industry, affecting “every business operating on the European payments market,” according to a report from the Aite Group.

Indeed, “Europe stands to see €57 billion in online purchase volume abandoned during the first year of SCA as a result of added friction introduced at checkout,” representing nearly 10 percent of all online sales in the EU as of 2019, according to a 451 Research report.

Designed to increase security of online transactions, the SCA requires two of the three following methods of authentication for customer-initiated, card-not-present payments within the European Economic Area, including:

• Something the customer knows—such as a password or PIN.
• Something the customer has—including a smartphone or hardware token.
• Something the customer is—by affirming a fingerprint, facial recognition, iris scanning or behavioural biometrics.

Some potential challenges

Although exceptions apply for certain transactions, including low-value purchases, recurring payments, or verification from the payer that the merchant is trusted, the difficulty in implementing these standards has made the industry nervous.

Lower sales conversion rates, transaction declines, and the inability of some third-party processors to continue their services are just some of the potential challenges if service providers (merchants, acquirers, and issuers) do not use the exemptions and are not fully prepared for SCA requirements.

“We’re reaching out to all our merchant and acquiring partners to make sure they’re fully aware of our requirements, so that customers and merchants have a seamless experience when the new liability rules kick in,” said Chris Winter, Vice President of Global Acceptance at Discover Global Network.

One of the key methods emerging to address SCA’s requirement is the adoption of 3D Secure 2 (3DS2), an updated version of 3D Secure, which is issued in various brand names, including an enhanced Discover ProtectBuy for Diners Club International and Discover.

Discover Global Network is encouraging its partners to move to the 3DS2 protocol as soon as possible, Winter said, especially given the potential impact on merchants throughout the EU and the more than 100 major airlines that have international service establishment agreements with the company.

“We’re reaching out to all our merchant and acquiring partners to make sure they’re fully aware of our requirements, so that customers and merchants have a seamless experience when the new liability rules kick in.” Chris Winter Vice President of Global Acceptance, Discover Global Network

For the banking sector, the challenges are equally steep. “Regarding card payment and especially e-commerce, PSD2 introduced an important paradigm shift: The decision to rely on SCA no longer belongs to merchants, but to the issuer,” said Regis Folbaum, Head of Payments & Data at La Banque Postale in Paris.

With more than 8 million cards outstanding, the bank has prepared for the change by migrating to the 3DS2 infrastructure with Discover and has worked to support its internal entities, front-line and middle-office teams and customer groups, including consumers, commercial partners, and merchants.

“The challenge for banks is to find out the right balance between a frictionless customer journey and an optimized fraud management,” Folbaum said.

Ecommerce payment regulations

The European Union has implemented new requirements for authenticating online payments under the Payments Services Directive (PSD2).

These measures will bring significant implications for businesses involved in ecommerce, selling products or services online. Providers of merchant services will also need to ensure that their online payment gateways are compatible with the PSD2 regulations.

The PSD2 directive calls for stronger customer authentication in order to minimize the risk of fraudulent online transactions.

These measures will change the way online payments are processed, ensuring online payment gateways more secure for over 300 million European consumers.

Compliance with the Payment Services Directive means that anyone completing a payment in the EU over the value of €30 must provide 2 factor authentications.

This applies to all online payment transactions in the EU regardless of whether the payee is within the EU at the time of purchase.

Typically, 2-factor authentication requires the customer to supply a one-time code received via a text, email, or phone call to authenticate their payment.

The 2-factor authentication will make the customer payment experience more complex by adding another layer of security to online purchases. Companies should be aware of the customer experience implementing this requirement. If the process proves too cumbersome it could result in fewer purchases and decreased online sales.

A Global Impact for Years to Come

Given the impact of these recent EU moves, industry observers are keeping a close eye on the continent for hints of what might be coming to their shores.

How much these new regulations will migrate to affect the merchants and the payments industry around the world is unclear for now.

But the industry has seen the introduction of IFR push the international debate of interchange even further, for example, and how GDPR affected businesses globally, even providing inspiration for a similar initiative in California.

“It’s fair to say EU regulations have either direct implications [for] the global payment industry or influence other entities around the world,” Winter said. “Other markets look to Europe when it comes to introducing new regulations.”

In fact, he said, versions of PSD2 and its push for open banking could very well be heading to Brazil, Mexico, and Japan.

Still, while some of these significant challenges for the payments industry could easily go global, the potential benefits they could bring also should not be overlooked.

Greater open-banking capabilities, increased convenience for consumers, and much of today’s innovation in the industry can be tied directly to the impact of EU regulatory action.

“These regulations can be painful and it’s a lot for companies—whether you’re a payments company or a merchant—to wade through,” Dunlop said. “But I think if you go into it with the right view, which is it’s about transparency, it’s about doing the right thing.”

Sign up for our daily news round-up!

Give your business an edge with our leading industry insights.

Sign up