EU proposals to make consumers go through extra security checks for many online payments have come under fire from Visa and other payment companies.
Consumers would need to enter passwords or codes for online transactions above €10 (£8.50), under anti-fraud plans from the European Banking Authority.
The regulator said it was trying to balance security with convenience.
But payment company Visa said the plans could be “catastrophic”, and banks and retailers have expressed concerns.
Shoppers would face disruption, particularly during busy periods such as Black Friday – the annual discount day that falls this week.
One-click shopping and automatic app payments would also effectively be blocked for payments of more than €10, experts said.
Visa warned of “serious disruption” from blocking such express checkouts, which it said now accounted for half of European e-commerce sales.
The damage would be worst in the UK, because online shoppers there were the most prolific in Europe and e-commerce was important for economic growth, it said in a statement.
“We do not normally take such a strong position on regulation,” Kevin Jenkins, managing director of Visa UK and Ireland.
“It’s just that in this particular instance we feel so strongly that the risk of rushing into legislation, which could take you back 10 or 15 years, is catastrophic,” he said.
Visa’s chief risk officer for Europe, Peter Bayley, also said there was no evidence the inconvenience would reduce fraud.
The changes are under consultation, and if approved, will come into force during 2018, several months before the UK is expected to leave the European Union.
Most of the responses to the consultation focused on the €10 security checks, Tim Richards, a payments expert at Consult Hyperion, said.
“All the UK banks and payment institutions are working on this. They do not think this is something they can ignore,” he added.
A MasterCard spokesman said it was concerned the “overly prescriptive approach of how fraud should be reduced” would undermine the regulator’s overall goal.
In its consultation response, Paypal said “unfriendly” security checks would affect “almost any digital payment, regardless of the actual risk posed”.
Mr Richards said under the plans, payments above €10 would require proof of at least two of the following:
- a possession of the consumer, eg a card or phone
- something known by the consumer, eg a password or code
- a biometric feature of the consumer, eg a fingerprint
The European Banking Authority said it had to make a “difficult trade-off” between a high degree of security in retail payments and customer convenience.
“We are currently in the process of assessing whether the trade-offs we made achieve the right balance and which, if any, changes we will need to make before finalising the technical standard and publishing it at the beginning of next year,” it said in a statement.
The changes are part of the European Commission’s forthcoming Payment Services Directive 2.