1. Skip to content
  2. Skip to main menu
  3. Skip to more DW sites

EU vies to boost security for online payments

David Martin
November 27, 2017

The European Union has unveiled plans to make customer authentication securer. It will soon no longer be enough to just provide a password or credit card number when making an online payment.

Apple Pay on an iPhone
Image: picture-alliance/NurPhoto/J. Arriens

The European Commission on Monday unveiled new plans to "modernize Europe's payment services" and improve customer authentication online.

According to the framework, from next year online shoppers in Europe will require at least two independent items to confirm their identity before making a payment. One would be a physical item, such as a card or mobile phone, the other a password or biometric feature like a thumbprint.

Read more: Fintech minnows swim with banking whales

The Commission anticipates that the new payment solution will largely be provided by third party providers, commonly referred to as FinTech companies. Any bank offering online access to accounts will be required to work with FinTech companies in providing these new services.

Banks vs Fintech firms – Rivals or partners

04:11

This browser does not support the video element.

Valdis Dombrovskis, the European Commission vice president and also in charge of Financial Stability, Financial Services and Capital Markets Unions, said: "These new rules will guide all market players, old and new, to offer better payment services to consumers while ensuring their security."

The Commission said that the new framework, developed in partnership with the European Banking Authority and the European Central Bank, would "significantly reduce currentfraud levels for all payment methods, especially online payments," as well as protect users' financial data.

However, exceptions will remain in place for small payments and transactions, similar to those that currently exist for contactless card payments.

Alongside the increased security provisions, the Commission also announced new rules that would allow users to aggregate information from various bank accounts in one application.

The European Parliament and Council now have three months to scrutinize the new regulations and, if approved, they would be published in the EU official journal. Banks and payment service providers would then have 18 months to put the new security measures in place.

Skip next section Explore more
Skip next section DW's Top Story

DW's Top Story

Skip next section More stories from DW