first off something does need to be done about credit card fraud online ...

i do think that 10 euros is somewhat low, especially as 'contactless' is available in bricks and mortar stores for under £20

however in a way it will advantage me as a small retailer, as i feel the one click payment options really help the likes of amazon, if it was 'harder' to pay on their site, it would encourage many to shop elsewhere, after all laziness is a big driver and that's why many people shop on amazon. (i include myself)

To an extent, there has been an "opt-in" additional level of security available for quite some time. Some card issuers require a username and password to be inserted prior to the card details being processed (3D security). No doubt it is safer, but it can be a pain. I recently switched banks and I was revived to discover my new card was not enrolled in this scheme.

One issue I can see is, will card issuers enforce these proposed new security features or will they also be opt-in. if it is the later, will the level of protection against account fraud differ?

Mack.

The current proposal goes a good way past a simple username and password though (which can be saved in the browser for my card that is part of the program). The article states:

Mr Richards said under the plans, payments above €10 would require proof of at least two of the following:

• a possession of the consumer, eg a card or phone
  
• something known by the consumer, eg a password or code
  
• a biometric feature of the consumer, eg a fingerprint

In practice a passcode generator as already often used for online banking. One for my personal account and one for business is enough to manage, two more for my credit cards would be OTT.

On the other hand 3D security should be enforced more, If anything usage seems to be declining.

The most commonly used online payment system iDeal in the Netherlands has already an extra verification step at the bank's website before the payment is authorized. I am not under the impression that this has severe effects on online sales. People are used to it and it may give an extra feeling of safety to some that not an unknown online site owner is processing the financial part of the order, but their own bank.

topr8 I believe it's now up to £30

I also have a service with a two-step verification process, similar to lammert, and it works fine, imho. Nothing will process until you have that last step in place, even if you have stolen a card.

I've not heard of the description of "3D security."

I wonder if there's insufficient joined up thinking going on here from the EU. With a phone and credit cards, when visiting a store, you can use contactless to make a payment, and that current limit is above the proposed €10. As far as i'm aware, there is no further verification required: no pin, no further ID checks, etc. Steal a phone or a credit card and you're able to process contactless payments, even if they are relatively small. I know, that's not the same as online, of course, because the person has to be in attendance, with the card or phone, to process payment. With online, it could be anyone with the stolen details.

I'm happy to see some changes, but it should be across the board, and consistent, whatever service it is.

Oh, and I like the way that one of my card processors makes an automated contact to me when processing something. It's pretty much instant. The system double-checks it's me through various security measures before it authorises the payment. Not every time, but for certain values of transaction, and i've noticed it's also for certain types of transaction, such as airfares, technology, and in general, what may be classed at luxury items. So far it's never contacted me at the supermarket while i'm buying breakfast cereal and toilet rolls. I quite like the system, and i'm used to it. No more embarrassment in a line when a payment doesn't process and you're standing there talking on the phone while other people hear that your card is declined.

There's no doubt that there are now additional measures that can be used, such as biometrics. I just hope that there is consistency throughout as the fragmentation of payment systems and procedures is becoming confusing for consumers and for business.

If it's €10, why not make it any transaction, or raise the level to the same as contactless.

This will only make it harder for small buisnesses and will just benifit...amazon and other big tech companies. YAY FOR BREXIST

It's been in place for 15 years already and quite the contrary, it will benefit smaller retailers as this primarily is for stored card detail websites, so a user on amazon will enter the code every time. Hackers are getting details of 40 million people a time on certain websites, some with card details if not cut off from an account.

As for the BBC's article, written by an idiot and interviewed an idiot from VISA which runs 'Verified by Visa', doesn't matter if it's Black Friday or Shrove Tuesday, if everyone has to enter a code, it takes the same time to purchase that amazing deal on cheap globalisation tat from Vietnam or Bangladesh. An item that was upped by 20% over the course of a year to give you 10% off just before Christmas.

VISA should be happy, who pays more for transaction fees, Amazon or small retailer? VISA will be very happy if people move away from Amazon to smaller retailers. I don't think it will have any effect whatsoever. When you have to enter pin with your contactless card in a shop, do you give up and walk out?

More useful article here:

[computerweekly.com ]

I've not heard of the description of "3D security."

It is,"3D Secure", a collective name for a system used by the three big card issuers:

[mastercard.com ]