You can find the PDF version of the letter here.
In May 2021 the European Commission put forward a legislative proposal for a trusted and secure electronic Identity (eID) Regulation for the EU. The Commission rightly noted in its 2020 consultation on the matter that, in a hyper connected world, the ability to establish individual identities of natural persons, legal entities, and machines that interact accurately, quickly and securely is going to be critical and has a considerable potential for wealth creation
To date, instead of adopting the existing electronic identification, authentication and trust services (eIDAS) regime, businesses (including banks) have largely focused on other technologies to, for example, perform strong customer authentication (SCA). These businesses have generally adopted lower quality solutions which leave the consumer exposed to fraud and with weak legal certainty. Many of these standards have originated from big US technology companies which are outside the EU sphere of control.
The European Fintech Associations (ETPPA, EPIF, EFA, EDFA, and AEFI), believe the EU should focus on the provision of a ubiquitous interoperability standard that works online and offline, in proximity and remotely, and that would allow multiple public and private sector organisations to participate in the proposed EU eID regime. Member states will issue eIDAS credentials into an EU Digital Identity Wallet (EUDIW) smartphone app, which all service providers can take advantage of to, for example, perform SCA.
Keeping payments inside the scope of the EU eID Regulation is of utmost importance. As regulated payment service providers, we would like payers to authorise payments, access account information, and sign direct debit mandates using their eID in their EUDIW.
Today, there are already several privately issued eID applications (e.g., ItsMe in Belgium, MitID in Denmark and BankID in Sweden) that are being offered and accepted by banks for the initiation of a payment. These eID applications offer the lowest levels of fraud and user abandonment rates in the industry and are an example of what the EUDIW could achieve in a much more open way if payments are retained in the proposed regulation.
The Mobile SEPA Credit Transfer (MSCT) working group of the European Payments Council (EPC) has already investigated the potential use of an EUDIW for payment use cases and described how this could be achieved with the standardisation of interfaces between the EUDIW and Point of Sale software in a proximity scenario where the payer might be offline or for person-to-person (P2P) payments where both could be offline. The offline P2P use case is especially relevant for the digital euro. Furthermore, combining payments with identity attributes (e.g., address or proof of age) and/or the signing of documents with a single touch of a finger will facilitate further innovations, for example in the area of Smart Contracts.
Finally and principally, digital identity should be able to substitute physical identity documents in any situation where such verification and authentication of a citizen or business is required. It would not be reasonable to inhibit digital innovation by excluding entire industries from the scope of the regulation, as suggested recently by some bank associations. Keeping payments in scope and developing such interoperability standards, will allow consumers to make instant payments using their smartphone in a frictionless standardised and non-proprietary manner across all EU countries. This will not only benefit consumers, businesses and fintechs, but it will also add to the EU’s continued wealth creation.
Jointly signed by:
ETPPA - European Third Party Providers Association (www.etppa.org)
EPIF - European Payment Institutions Federation (www.paymentinstitutions.eu)
EFA - European Fintech Association (www.eufintechs.com)
EDFA - European Digital Finance Association (www.europeandigitalfinance.eu)
AEFI - Asociacíon Española de Fintech & Insurtech (www.asociacionfintech.es)