Because the banks are liable to fraud in Denmark, probably also other countries, they already had really strict rules for online payments. Denmark also has it's own national payment card "Dankort", and before 2006, you needed to accept Dankork as it was the most popular debit card. The Danish banks could make their own rules, separately from PCI DSS, and those where much stricter, so no http and only specially audited software was allowed to handle the transactions. The downside was a near monopoly from DIBS.