Recent statistics highlight that fraud is on the rise across Europe with the total value of fraudulent transactions conducted using cards issued in Europe and acquired worldwide amounted to €1.33 billion in 2012, up 14.8 percent from 2011, according to research by the European Central Bank.
In response to this, the European Banking Authority have released a set of measures in the form of security guidelines designed to increase the safeguardsfor online payments. The guidelines aim to provide a benchmark for internet payment security across all 28 member states.
Increased fraud risk coupled with the surge in use of the internet for facilitating payments create a need for a general standard for best practice in security – the secure pay guidelines were written for this. A key feature of the guidelines is stronger customer authentication, whereby customers making payments must provide non-reusable security details at the point of payment initiation.
Application of the guidelines is not mandatory and as such the UK, along with Slovakia and Estonia have refused to apply them. The Financial Conduct Authority, the UK regulator commented that “it did not have the power without legislative change” to make binding rules requiring all payment services to comply.
By not complying with the safety guidelines, experts are concerned that fraudsters will attack countries that have not implemented the measures, as they will be seen as the weakest points in system, which leaves the UK significantly exposed.
Most of the UK banks security systems have standards much higher than what is being proposed by the EU, however there are some organisations with internet banking portals that will not meet the minimum benchmark requirements. This will put UK customers at risk and leave the industry exposed which would increaseregulatory scrutiny in the future should the weaker systems be exploited.