The European Commission will consider introducing cyber crime laws later this year if the problem continues to get worse, according to a report this week.

A study expected to be published in Autumn 2008 is looking at whether an EU wide directive is needed.

The Commission is increasingly concerned about the rate of cyber crime in the EU, saying it represents the "highest threat" to the European payments industry, and noted that inconsistent legislation across the area is a problem.

"The Commission may consider harmonising EU criminal legislation on identity theft in order to ensure that identity theft is a criminal offence in its own right in all EU Member States and to introduce effective dissuasive sanctions," says the report.

"Criminals have been taking advantage of gaps in the security requirements applied by the payment industry and e-commerce sites in relation to the acceptance of (credit) card transactions," says the report.

And payment card issuers have not systematically rejected transactions with false or missing card security codes, the report found. The airlines/travel agencies and gaming/gambling sectors were particularly identified as weak areas.

The Commission will also look at developing common authentication techniques – such as two-factor authentication – across the EU for internet banking later this year, and will consider making some technologies mandatory.