The pan-European digital identity has set ambitious goals: Users should be able to use it for travel, government services, mobile driving licenses and more. Payment is expected to be an important use case. However, enabling the European Digital Identity (EUDI) Wallet to integrate with existing payment ecosystems and deliver new payment services is more complex than it sounds, according to a white paper from the EUDI Wallet Consortium (EWC).
EWC runs one of the large-scale EUDI Wallet pilots and gathers approximately 60 organizations, including Visa Europe, Digidentity, Amadeus and Finnair. Aside from payments, the consortium was granted pilots for travel and organizational digital identity.
The EUDI Wallet is expected to adapt to performing payment transactions, proving income, confirming age, or verifying account numbers for business users. In addition, it’s expected to help exchange attributes required by Customer Due Diligence (CDD) under the Anti-Money Laundering Regulation and Strong Customer Authentication (SCA) for online identification regulated by the Payment Services Directive (PSD2), according to the paper published in late October.
The current assumption is that payment service providers (PSPs) will be required to accept EUDI wallets for Strong Customer Authentication (SCA). EWC argues, however, that the upcoming Payment Services Regulation (PSR) and its Regulatory Technical Standards has some limitations for PSPs to accept the EUDI Wallet.
“The EWC has concluded that it is therefore unrealistic to expect thousands of PSPs to establish bilateral outsourcing agreements with dozens of EUDI wallet providers across the EU for the purposes of SCA,” the paper notes.
The organization recommends standardizing the Strong Customer Authentication (SCA) method and has developed a solution where banks (PSPs) remain in control of the authentication decision.
The developed solutions consist of two parts, including a one-off registration process where the PSP places a “payment wallet attestation” or “SCA credential” in the EUDI wallet of the account holder. During the second step, the payer or wallet holder presents this “SCA attestation” during the transaction together with signed transaction-related data to the merchant.
“This solution means that the payer’s bank gets proof of SCA which it can trust. Furthermore, the bank can always choose to perform (step-up) SCA itself or let the payment transaction go ahead. The choice rests with the bank, as does the liability,” says EWC.
The Consortium also notes that interoperability with existing payment infrastructure is essential for scale. The paper recommends private-public partnerships as a model and provides an example of a successful consumer adoption – BankID in Sweden.
“As a guiding principle, the EUDI wallet should adopt existing standards and be interoperable with existing payment infrastructure,” says its white paper. “Over time, as the EUDI wallet demonstrates its benefits, the payment ecosystem can evolve and support more sophisticated uses of the EUDI wallet which rely on deploying new infrastructure”
Article Topics
biometrics | digital identity | digital wallets | EU Digital Identity Wallet | EU Digital Identity Wallet Consortium (EWC) | financial services
