EU Tightens Online, Offline Shopping Security Standards

The European Commission has signed off on new rules that they say will make it more secure for consumers purchasing goods and services from European Union members.

According to a Monday (Nov. 27) report by Reuters, the rules will update the European Union’s payment services law, requiring two security features for online merchants instead of a single password or just credit card details when making a purchase in person. Merchants must be able to accept a password, PIN code, card, mobile phone, iris scan or fingerprint scan. The exemptions for contactless payments of more than 50 euros will remain in place.

In addition, account holders must also give third parties permission to access their data and the new rules prevent FinTechs from obtaining data by using a customer’s security credentials, known as screen scraping. Removing that capability was a nod toward banks that have been bristling at the notion of forcing that customer data to be shared with FinTechs. On the other hand, banks must provide access to FinTechs by adapting the existing customer interface online or by creating a new interface for FinTechs, a win for the FinTech firms.

“These new rules will guide all market players, old and new, to offer better payment services to consumers while ensuring their security,” said Valdis Dombrovskis, European Commission vice president, in a statement.  

The new rules will take effect on Jan. 13, with some of the security measures not binding until September 2019. The European Banking Federation shared its thoughts on the new rules in a recent statement.

“At a time when cybersecurity becomes increasingly important, the EU risks introducing a system for online payments that is potentially harmful for bank account holders and the banks that offer these accounts,” the organization said.

The European Commission says that these rules aim to boost eCommerce for all European Union countries, thus fueling growth across its member countries.

The new rules aim to boost eCommerce for all European Union countries and thus fuel growth in the bloc.



Banks, corporates and even regulators now recognize the imperative to modernize — not just digitize —the infrastructures and workflows that move money and data between businesses domestically and cross-border.

Together with Visa, PYMNTS invites you to a month-long series of livestreamed programs on these issues as they reshape B2B payments. Masters of modernization share insights and answer questions during a mix of intimate fireside chats and vibrant virtual roundtables.