The introduction of strong customer authentication across the European payment industry will force contactless card users to take extra security steps

contactless card payment

Strong customer authentication could make contactless card payments less convenient

New security measures introduced across the European payment industry could have a detrimental effect on contactless card transactions, according to an analyst.

Strong customer authentication (SCA) rules were implemented on 14 September as part of the EU’s revised Payment Services Directive (PSD2), requiring payment providers to introduce extra steps for customer verification.

Two-factor authentication is now mandated across the European Union, meaning banks and other financial service providers must ask users to verify electronic transactions of more than €30 by passing a secondary security step, such as entering a PIN, passcode or biometric identification.

The view from business intelligence firm GlobalData is that these additional layers of security could prove a hindrance to those using contactless cards – particularly in the UK – to pay for goods.


EU payment security rules could promote mobile wallets for contactless payments

GlobalData senior payments analyst Samuel Murrant said: “The new EU rules will undermine the convenience of contactless card transactions, potentially providing an opportunity for mobile wallets to take a more prominent place in the market.

“The UK is a nation of contactless card enthusiasts, with 68% of consumers surveyed by GlobalData in 2019 reporting that they use a contactless card to make payments at the point of sale.

“The use of contactless cards is primarily driven by their convenience compared to cash and other cards, and introducing a point of friction for transactions on a regular basis will reduce the convenience of these cards.

contactless payment security
Payment volumes by type 2007-2017 (Credit: UK Finance, UK Payment Markets 2018 report)

“By comparison, mobile payment options will appear more convenient, since the user never needs to enter a PIN.”

In 2017, cards overtook cash as the most common payment method used in the UK thanks largely to contactless technology.


SCA security could undermine the convenience of contactless card payment methods

PSD2 and SCA are an attempt by European policymakers to shore up digital payment infrastructures across the union, and reduce customer exposure to fraud in digital money transfers.

Payment fraud is a costly problem for the finance industry, and a real concern for customers.

Figures from the European Central Bank show that card-not-present fraud – a term that refers broadly to cases of online payment deceit – is now the most prominent type of card-based fraud across Europe.

contactless payment security
NatWest’s new biometric payment card (Credit: NatWest)

In 2016, it accounted for 73% of the €1.32bn total value of card fraud losses in the Single Euro Payments Area (SEPA) – a 2.1% increase on the previous year.

While strong customer authentication will make it more difficult for fraudsters to impersonate customers online, those who have got used to using contactless cards at points-of-sale may find the requirement to enter their PIN more regularly off-putting.

Murrant added: “This measure does address consumer concerns about the ease of fraud on contactless cards if stolen or lost, but in doing so it curtails their main strength – convenience.

“We may see the deployment of smart payment cards with in-built biometric fingerprint readers in response to the SCA regulations, but it seems more likely that consumers who strongly value convenience in payments will instead move to mobile wallets.”