Strong customer authentication: new rules protecting against unauthorised payments come into force
Shoppers must now verify their identity when making purchases online thanks to new security rules.
The last few years have understandably seen us shop online in far higher numbers than ever before.
After all, just because the high street is shut due to a pandemic, that doesn’t mean our shopping needs have simply disappeared too.
Unfortunately, it’s also been a time that has seen sharp increases in the amounts of money lost to online scams, particularly when shopping.
Which is why it’s particularly timely that new rules come into effect this week which are aimed at making shopping online a safer experience.
What is strong customer authentication?
The new rules ‒ known as ‘strong customer authentication’ ‒ mean that shopping online is not all that different to banking online, where you will need to prove that it really is you making the payment, and not a thief who has managed to get hold of your payment details.
When you head to the online checkout, you’ll be asked to provide an additional layer of identification.
That layer can come in one of three main ways.
The first is to confirm a transaction within a banking app.
So for example ‒ and this is something that has already happened for me ‒ if I want to pay for my supermarket click and collect with my Tesco credit card, then I will be asked to open the Tesco banking app and authenticate the purchase there.
You’ll need to prove it’s you using the app, which may mean entering your passcode, facial recognition or providing a thumbprint, depending on the app.
Once you do this, you’ll head back to the retailer’s site.
A second option is for a one-time passcode to be sent to you in a text message to your mobile phone.
You then have to enter that code at the checkout for the purchase to go through.
Finally, you may opt to generate a ‘response code’ from an electronic card reader, sent by your bank.
There will be instructions on the screen talking you through what you need to do, but in essence, you’ll have to put your payment card into the card reader and then enter a code.
The reader will then generate a second code, which you will need to enter on the retailer’s website for the transaction to go through.
Tackling unauthorised payments
Strong customer authentication is designed to address the money lost to unauthorised payment frauds.
As the name suggests, this is where someone else tries to spend money using your payment details, perhaps having stolen your physical card or got hold of your details online.
According to UK Finance, the banking trade body, this form of fraud was responsible for losses worth a whopping £261.7 million in the first half of last year.
That’s an awful lot of money, some of which at least could be prevented by this additional layer of security.
Ahead of the curve
It’s worth emphasising that plenty of us will already be familiar with these additional measures.
While retailers were given this week as the deadline for implementing strong customer authentication, some have got ahead of the curve and already introduced these extra checks as part of their online checkout process.
It’s also important to bear in mind that this new level of security doesn’t apply to all online purchases, only those worth more than £25.
As a result, if you only ever make small purchases online you may not notice any difference to your experience.
Will this make us shop less?
There’s no denying that adding this extra step of security is going to make shopping online a bit more of a hassle.
Having to get a code sent over or log into your online banking does mean that the shopping process takes longer, and that could impact whether we bother to go through with the transaction.
After all, that extra thinking time may mean that we get cold feet over whatever it is we are buying, and instead opt to save the money.
There is also the danger that strong customer authentication could lead to declined payments, if banks are not able to get in contact with shoppers.
For example, if your bank tries to send you a code to enter into the checkout, but has an out of date phone number for you, then you won’t be able to go through with the purchase.
As a result, taking the time to check that your details are up to date with your various banks is a really good idea.
There has been talk of establishing ‘safe lists’, of the retailers you frequently use and which are perhaps unlikely to be the subject of an unauthorised payment.
If nothing else, this would stop you being asked to verify purchases from the same retailer time and again - for example, your weekly supermarket delivery.
However, no banks currently offer the ability to set one up, with some outright ruling them out.
Finally, there is the question of accessibility.
After all, not everyone shopping online will actually have access to a mobile phone for text messages or banking apps, for example.
Even if they simply have poor signal at home, this could prevent their ability to shop safely online.
While some banks have said they are putting in place a system where you can get these codes delivered to your landline, this is far from common across the banking sector.
Comments
Be the first to comment
Do you want to comment on this article? You need to be signed in for this feature