Response to discussion on RTS on strong customer authentication and secure communication under PSD2
Go back
strong customer authentication and secure communication under the revised Payment Services Directive (PSD2)
British Retail Consortium response
February 2016
Summary: The BRC and payment card acceptance
The British Retail Consortium is the lead trade association within the UK for the entire retail industry — an exciting, diverse and dynamic industry undergoing transformational change. Our industry spans large multiples, independents, high streets and out of town, from online to bricks and mortar, selling goods across all industries from clothing, footwear, food, homeware and electronics, health & beauty, jewellery and everything in between, to increasingly discerning consumers. UK retail employs 3 million people and sales in 2014 amounted to £333 billion, generated by 60 million customers making 120 million transactions per week. UK retail is therefore one of the largest acceptors of payment products, of which an increasing proportion are electronic payment cards.
For over 20 years, the BRC has been at the forefront of the campaign for equitable interchange fee rates for card payments in the UK and against the anti-competitive rules imposed by card schemes, which have restricted choice for retailers and rendered the fee structure for such payments opaque. In 2014, the interchange fee cost British retailers in excess of £1 billion. We therefore wholly welcome EU Regulation 2015/751 (IFR) together with the UK Regulation 2015 No. 1911 and the appointment of the Payment Systems Regulator (PSR) as the UK’s competent authority to oversee most of its implementation.
Historically the BRC worked as part of team that developed the technical standards for handling chip and pin transactions but over recent years as more card payment transactions occur through a multiplicity of sales channels and devices; the need for individual customers to know and have confidence in how payments are handled securely is becoming critical for all customers and retailers.
From our members perspective it is critical that any changes introduced to technical standards as part of the revised Payment Services Directive (PSD2) should augment and strengthen the payment standards that exist within the UK today. Any enhancements proposed must ensure that our retailers and their customers can complete sales transactions in a simple, quick and efficient manner that is appropriate to the value of transaction and the sales channel being used. Retailers are open to consider customer authentication proposals even if they ultimately lead to different solutions for each of the different sales channels provided that the customer journey for each transaction type is not compromised and maintains the following principals through each sales channel:
• Simple and easy for our customers to authenticate themselves whatever the sales channel and/or device they choose to use
• achieves the required level of security to guarantee payment by the card issuer and/or payment provider for the transaction
• the technical standards should define the principals required for strong customer authentication rather than state this is exactly how it should be done.
• Is cost effective and simple for retailers to implement
• an individual retailer should be able to choose how to implement strong customer authentication that is appropriate to their individual business model – implementation should not be mandated
Any technical standards defined in the future should clearly demonstrate to the retailer the rationale and benefits of their implementation without necessitating those technical standards to be mandated for all parties involved in the end to end payment transactions.
The benefits of having a collaborative approach that takes account of individual market needs should create a more competitive environment within which suppliers can operate whilst customers feel secure in spending their money whichever sales channel and/or environment they choose to use. For retailers it is key that the payments market retains as a minimum its existing competitiveness particularly within the acquiring and payment service providers (PSPs) arenas. The implementation of any technical standards that does not have some degree of flexibility could have the unintended consequences of reducing the number of market players and the type of payment methods developed, particularly frictionless, if the cost to implement and maintain those standards is not considered to be reasonable. Consideration must also be given to the legal structure within any country (in our case the UK) which already protects consumers.
From the information provided it is difficult for retailers to understand what the end to end benefits of the current proposals for new technical standards are. In any future documentation retailers believe it should clearly define what the benefits are alongside the planned outcomes associated with the changes proposed. For example how will the PSD2 changes sit alongside the international card scheme rules for customer authentication – will the card schemes be mandated to change their rules and if so by when?
In conclusion the BRC believes that the EBA should have the customer and the ease of use of any proposals at the forefront of the proposed technical standards rather than the implementation of new security standards that appear to be driven by technical solutions developed to tackle aspects of the payment transaction.
The BRC looks forward to being kept informed of all future developments and on behalf of UK retailers would welcome the opportunity to discuss with the EBA any of the points raised within its summary on this discussion paper. If there are any questions these should be addressed to Tom Ironside and Anne Walters at the BRC.
Contact Details
Tom Ironside Tom.Ironside@brc.org.uk Tel: 020 7854 8955
Anne Walters Anne.Walters@brc.org.uk Tel: 07974 944 217
1. With respect to Article 97(1) (c), are there any additional examples of transactions or actions implying a risk of payment fraud or other abuses that would need to be considered for the RTS? If so, please give details and explain the risks involved.
EBA Discussion Paper on future Draft Regulatory Standards onstrong customer authentication and secure communication under the revised Payment Services Directive (PSD2)
British Retail Consortium response
February 2016
Summary: The BRC and payment card acceptance
The British Retail Consortium is the lead trade association within the UK for the entire retail industry — an exciting, diverse and dynamic industry undergoing transformational change. Our industry spans large multiples, independents, high streets and out of town, from online to bricks and mortar, selling goods across all industries from clothing, footwear, food, homeware and electronics, health & beauty, jewellery and everything in between, to increasingly discerning consumers. UK retail employs 3 million people and sales in 2014 amounted to £333 billion, generated by 60 million customers making 120 million transactions per week. UK retail is therefore one of the largest acceptors of payment products, of which an increasing proportion are electronic payment cards.
For over 20 years, the BRC has been at the forefront of the campaign for equitable interchange fee rates for card payments in the UK and against the anti-competitive rules imposed by card schemes, which have restricted choice for retailers and rendered the fee structure for such payments opaque. In 2014, the interchange fee cost British retailers in excess of £1 billion. We therefore wholly welcome EU Regulation 2015/751 (IFR) together with the UK Regulation 2015 No. 1911 and the appointment of the Payment Systems Regulator (PSR) as the UK’s competent authority to oversee most of its implementation.
Historically the BRC worked as part of team that developed the technical standards for handling chip and pin transactions but over recent years as more card payment transactions occur through a multiplicity of sales channels and devices; the need for individual customers to know and have confidence in how payments are handled securely is becoming critical for all customers and retailers.
From our members perspective it is critical that any changes introduced to technical standards as part of the revised Payment Services Directive (PSD2) should augment and strengthen the payment standards that exist within the UK today. Any enhancements proposed must ensure that our retailers and their customers can complete sales transactions in a simple, quick and efficient manner that is appropriate to the value of transaction and the sales channel being used. Retailers are open to consider customer authentication proposals even if they ultimately lead to different solutions for each of the different sales channels provided that the customer journey for each transaction type is not compromised and maintains the following principals through each sales channel:
• Simple and easy for our customers to authenticate themselves whatever the sales channel and/or device they choose to use
• achieves the required level of security to guarantee payment by the card issuer and/or payment provider for the transaction
• the technical standards should define the principals required for strong customer authentication rather than state this is exactly how it should be done.
• Is cost effective and simple for retailers to implement
• an individual retailer should be able to choose how to implement strong customer authentication that is appropriate to their individual business model – implementation should not be mandated
Any technical standards defined in the future should clearly demonstrate to the retailer the rationale and benefits of their implementation without necessitating those technical standards to be mandated for all parties involved in the end to end payment transactions.
The benefits of having a collaborative approach that takes account of individual market needs should create a more competitive environment within which suppliers can operate whilst customers feel secure in spending their money whichever sales channel and/or environment they choose to use. For retailers it is key that the payments market retains as a minimum its existing competitiveness particularly within the acquiring and payment service providers (PSPs) arenas. The implementation of any technical standards that does not have some degree of flexibility could have the unintended consequences of reducing the number of market players and the type of payment methods developed, particularly frictionless, if the cost to implement and maintain those standards is not considered to be reasonable. Consideration must also be given to the legal structure within any country (in our case the UK) which already protects consumers.
From the information provided it is difficult for retailers to understand what the end to end benefits of the current proposals for new technical standards are. In any future documentation retailers believe it should clearly define what the benefits are alongside the planned outcomes associated with the changes proposed. For example how will the PSD2 changes sit alongside the international card scheme rules for customer authentication – will the card schemes be mandated to change their rules and if so by when?
In conclusion the BRC believes that the EBA should have the customer and the ease of use of any proposals at the forefront of the proposed technical standards rather than the implementation of new security standards that appear to be driven by technical solutions developed to tackle aspects of the payment transaction.
The BRC looks forward to being kept informed of all future developments and on behalf of UK retailers would welcome the opportunity to discuss with the EBA any of the points raised within its summary on this discussion paper. If there are any questions these should be addressed to Tom Ironside and Anne Walters at the BRC.
Contact Details
Tom Ironside Tom.Ironside@brc.org.uk Tel: 020 7854 8955
Anne Walters Anne.Walters@brc.org.uk Tel: 07974 944 217