Strong customer authentication: new rules protecting against unauthorised payments come into force

Shoppers must now verify their identity when making purchases online thanks to new security rules.

The last few years have understandably seen us shop online in far higher numbers than ever before.

After all, just because the high street is shut due to a pandemic, that doesn’t mean our shopping needs have simply disappeared too.

Unfortunately, it’s also been a time that has seen sharp increases in the amounts of money lost to online scams, particularly when shopping.

Which is why it’s particularly timely that new rules come into effect this week which are aimed at making shopping online a safer experience.

What is strong customer authentication?

The new rules ‒ known as ‘strong customer authentication’ ‒ mean that shopping online is not all that different to banking online, where you will need to prove that it really is you making the payment, and not a thief who has managed to get hold of your payment details.

When you head to the online checkout, you’ll be asked to provide an additional layer of identification.

That layer can come in one of three main ways.

The first is to confirm a transaction within a banking app.

So for example ‒ and this is something that has already happened for me ‒ if I want to pay for my supermarket click and collect with my Tesco credit card, then I will be asked to open the Tesco banking app and authenticate the purchase there.

You’ll need to prove it’s you using the app, which may mean entering your passcode, facial recognition or providing a thumbprint, depending on the app.

Once you do this, you’ll head back to the retailer’s site.

A second option is for a one-time passcode to be sent to you in a text message to your mobile phone.

You then have to enter that code at the checkout for the purchase to go through.

Finally, you may opt to generate a ‘response code’ from an electronic card reader, sent by your bank.

There will be instructions on the screen talking you through what you need to do, but in essence, you’ll have to put your payment card into the card reader and then enter a code.

The reader will then generate a second code, which you will need to enter on the retailer’s website for the transaction to go through.

Tackling unauthorised payments

Strong customer authentication is designed to address the money lost to unauthorised payment frauds.

As the name suggests, this is where someone else tries to spend money using your payment details, perhaps having stolen your physical card or got hold of your details online.

According to UK Finance, the banking trade body, this form of fraud was responsible for losses worth a whopping £261.7 million in the first half of last year.

That’s an awful lot of money, some of which at least could be prevented by this additional layer of security.

Ahead of the curve

It’s worth emphasising that plenty of us will already be familiar with these additional measures.

While retailers were given this week as the deadline for implementing strong customer authentication, some have got ahead of the curve and already introduced these extra checks as part of their online checkout process.

It’s also important to bear in mind that this new level of security doesn’t apply to all online purchases, only those worth more than £25.

As a result, if you only ever make small purchases online you may not notice any difference to your experience.

Will this make us shop less?

There’s no denying that adding this extra step of security is going to make shopping online a bit more of a hassle.

Having to get a code sent over or log into your online banking does mean that the shopping process takes longer, and that could impact whether we bother to go through with the transaction.

After all, that extra thinking time may mean that we get cold feet over whatever it is we are buying, and instead opt to save the money. 

There is also the danger that strong customer authentication could lead to declined payments, if banks are not able to get in contact with shoppers.

For example, if your bank tries to send you a code to enter into the checkout, but has an out of date phone number for you, then you won’t be able to go through with the purchase.

As a result, taking the time to check that your details are up to date with your various banks is a really good idea.

There has been talk of establishing ‘safe lists’, of the retailers you frequently use and which are perhaps unlikely to be the subject of an unauthorised payment.

If nothing else, this would stop you being asked to verify purchases from the same retailer time and again - for example, your weekly supermarket delivery.

However, no banks currently offer the ability to set one up, with some outright ruling them out.

Finally, there is the question of accessibility.

After all, not everyone shopping online will actually have access to a mobile phone for text messages or banking apps, for example.

Even if they simply have poor signal at home, this could prevent their ability to shop safely online.

While some banks have said they are putting in place a system where you can get these codes delivered to your landline, this is far from common across the banking sector.

Comments


Be the first to comment

Do you want to comment on this article? You need to be signed in for this feature

Copyright © lovemoney.com All rights reserved.

 

loveMONEY.com Financial Services Limited is authorised and regulated by the Financial Conduct Authority (FCA) with Firm Reference Number (FRN): 479153.

loveMONEY.com is a company registered in England & Wales (Company Number: 7406028) with its registered address at First Floor Ridgeland House, 15 Carfax, Horsham, West Sussex, RH12 1DY, United Kingdom. loveMONEY.com Limited operates under the trading name of loveMONEY.com Financial Services Limited. We operate as a credit broker for consumer credit and do not lend directly. Our company maintains relationships with various affiliates and lenders, which we may promote within our editorial content in emails and on featured partner pages through affiliate links. Please note, that we may receive commission payments from some of the product and service providers featured on our website. In line with Consumer Duty regulations, we assess our partners to ensure they offer fair value, are transparent, and cater to the needs of all customers, including vulnerable groups. We continuously review our practices to ensure compliance with these standards. While we make every effort to ensure the accuracy and currency of our editorial content, users should independently verify information with their chosen product or service provider. This can be done by reviewing the product landing page information and the terms and conditions associated with the product. If you are uncertain whether a product is suitable, we strongly recommend seeking advice from a regulated independent financial advisor before applying for the products.