Bank Regulation

The EU's COVID-19 Contactless Limit — Too Little, Too Late?

Financial institutions (FIs) in the European Union (EU) and the United Kingdom are still thinking positively about open banking even as the COVID-19 pandemic creates obstacles.

FIs and their regulators are clinging to that vision even as they work to answer complicated questions brought about by the virus surrounding online payments, security and data privacy.

Regulators are addressing what data can be shared compliantly under the General Data Protection Regulation (GDPR), for example. EU and U.K. financial authorities are also fielding a rising number of questions from merchants seeking to understand how the Strong Customer Authentication (SCA) tenant of the revised Payment Service Directive (PSD2) can affect their acceptance of online and contactless payments.

Authorities in Australia and the U.S., meanwhile, are seeking to address changes in how their own merchants and consumers think about data privacy thanks to increasing online transactions.

In the latest Merchants Guide to Navigating Global Payments Regulations®, PYMNTS looks at how the pandemic is influencing open banking developments in the EU, U.K. and the U.S., among other regions. It also examines how the virus’s spread is influencing the creation and execution of data privacy laws in these countries, and what the impact of the pandemic will mean for the future.

Around The Data Protection World

EU merchants are still attempting to understand what SCA means for them during the pandemic as regulators look to make compliance easier. Merchants need to be able to settle payments quickly, which means they need to be able to determine the risks of these transactions just as quickly. Making sure the transaction risk analysis tools attached to online payments can swiftly determine their legitimacy is thus critically important, said Arjun Kakkar, vice president of strategy and operations for global identity verification solutions company Ekata, in a recent PYMNTS interview. This may mean that many merchants will need to reexamine how they are currently processing online transactions, he added, and what solutions could be employed for a more seamless experience.

Regulators such as the U.K.’s Information Commissioner’s Office (ICO) are also looking to reassure concerned merchants and financial entities wondering how they can comply with data protection rules like GDPR. The regulator has promised flexibility in how it will enforce this regulation as the virus continues. Its information commissioner, Elizabeth Denham, has promised to take the pandemic’s influence into account when examining companies and if they have stayed compliant with the rule.

One of the things GDPR monitors is the collection of medical data, something that has become more complicated during the pandemic. Several companies are also looking to respond to the need for tools and technologies that can help consumers navigate COVID-19 risk, without breaching EU rules like SCA and GDPR. The Fraunhofer Heinrich Hertz Institute for Telecommunications (HHI) in Germany has developed a mobile application that can help its users track the virus without breaching the data collection rules set up under GPDR. The app tracks the proximity of smartphones to other smartphones, rather than using medical or personal information, to determine the virus’s path and the potential risks of exposure. EU regulators have yet to confirm if the tool is fully compliant with GDPR, however.

For more on these stories and other news, visit the Tracker’s News & Trends.

How Regulators’ SCA Changes Could Spark Payment Innovation

Merchants in the EU and U.K. must authenticate their customers in accordance with SCA, especially as online transaction volumes rise. Strict authentication standards may put off customers from following through with their online purchases, however, which could prove detrimental to merchants operating under reduced budgets amid the pandemic. Regulators are making moves to address merchant concerns over this rule, including upping the contactless payment limit put in place under SCA to 50 euros ($54), but these changes could have larger implications for open banking.

PYMNTS spoke with financial and payments trade association UK Finance to discover how regulators are responding to SCA worries, and what those responses will mean for developing payments regulations.

COVID-19’s Impact on the Future of Open Banking

Both merchants and their customers want to be able to process transactions quickly and easily, something that banks as well as their financial authorities are working to enable with the development of their open banking networks. It is also important for regulators to keep the data that is flowing on these networks secure. The importance of striking the right balance between that necessary ease and security has been especially highlighted within the past couple of months.

Merchants that need to enforce authentication standards that are too stringent may see customers leaving their purchases behind. Regulators are therefore having to examine how the open banking networks active in their regions are handling increased online transaction volume due to the virus, and how they can make sure these transactions can be authenticated without risking consumer abandonment.

To learn more about open banking developments and the impact of the COVID-19 pandemic, visit the Tracker’s Deep Dive.

About The Tracker

The Merchants Guide to Navigating Global Payments Regulations® , powered by Ekata, is the go-to monthly resource for updates on the trends and changes regarding PSD2 as well as other privacy and data protection regulations.



Banks, corporates and even regulators now recognize the imperative to modernize — not just digitize —the infrastructures and workflows that move money and data between businesses domestically and cross-border.

Together with Visa, PYMNTS invites you to a month-long series of livestreamed programs on these issues as they reshape B2B payments. Masters of modernization share insights and answer questions during a mix of intimate fireside chats and vibrant virtual roundtables.