Proposed European Union rules for beefing up card security could make booking and paying for travel with corporate cards unworkable, AirPlus International has warned. The second Payment Services Directive is scheduled to take effect in January 2018. AirPlus managing director Patrick Diemer described the relevant section as “not feasible,” telling BTN, “At the moment, it is completely unclear how we can implement this.” Diemer added that the corporate payments industry is united in its opposition. “We have spoken to American Express, MasterCard and Visa, and they all see the same problem and are advocating for the same thing,” he said.
The objectives of PSD2 include regulating new types of payment service providers, prohibiting card surcharges and improving the security of online payments. The outline of the directive has been agreed to for several years, but the draft technical standard created by the London-based European Banking Authority has thrown up an unexpected surprise for the card industry. The EBA is insisting that cardholder-not-present payments must be verified with strong customer authentication, or SCA, which requires two or more of the following elements:
- Something only the user knows, such as a password and answers to security questions
- Something only the user possesses, such as a PIN number the bank texts to the account holder to finish a transaction
- Something the user is, in other words: biometric identification
The “unforeseen consequence,” Diemer said, is that “in business travel, the cards are issued to corporations, not consumers. There is not an identifiable person sitting in front of the screen.”
The purported intention of SCA is to reduce fraud, which is a cost to issuers, but Diemer believes that, in this case, the cure is very much worse than the symptoms. “The reason we are advocating [against the SCA stipulation] is not just because we don’t know how to implement SCA. It’s also that the fraud rates in our industry sector are much lower than in consumer businesses,” he said. According to European Central Bank figures, one of every 909 transactions on credit cards issued to private individuals was fraudulent in 2013. In contrast, one of only every 39,683 transactions through the centrally billed AirPlus Company Account was fraudulent from January to August 2016.
To read more at Business Travel News, click here.