Get all your news in one place.
100’s of premium titles.
One app.
Start reading
Daily Record
Daily Record
Lifestyle
Linda Howard

Some online payments could now be declined from unless you check this one thing now

New security measures to combat fraud come into force today which will see shoppers being asked to confirm their identity more often when making online payments.

The new strong customer authentication (SCA) requirements are a set of rules that will change how people confirm their identity when making online purchases.

The British Retail Consortium (BRC) said customers will be asked to prove their identity when making a purchase, by confirming two of three ‘factors’:

  • Something they are - using a fingerprint or facial ID
  • Something they know - such as a passcode or password
  • Something they have - perhaps their mobile phone

The changes could mean that customers may now find they are asked to verify an online purchase via text message more often, receiving a passcode which they are then prompted to enter on screen.

Other confirmation methods could include answering an automated phone call to a landline or mobile.

What do I need to check?

To make sure your payments go through without a hitch, make sure the mobile or landline number linked to debit or credit cards is correct, or you will not receive the authentication text message or phone call.

A spokeswoman for banking and finance industry trade association UK Finance said SCA "is an important tool in the fight against fraud, adding an additional layer of protection when people pay online using a card".

She continued: "When a customer makes a payment online, their bank or payment provider will need to verify who they are before the transaction will go through.

"This can be done in a number of ways, including a one-time password sent via text, receiving a phone call, or signing into a bank app.

"Customers should make sure their bank has their correct contact details.

"If a customer has any specific needs, they should contact their bank to discuss what help is available."

While the changes have been in place on some transactions for some time, the proportion of transactions for which SCA requirements apply has been steadily increasing since the start of this year as merchants and payment service providers prepare to comply.

The SCA requirements were previously announced in September 2019.

The BRC said that with increasing amounts of purchases being made digitally, it is hoped SCA will help reduce fraud and better protect customers and their money when shopping online.

However, some types of transactions are exempt from strong customer authentication, meaning customers may not always be asked to complete extra security steps.

These may be purchases deemed "low risk" of fraudulent activity, such as when buying low cost items, or repeated purchases such as subscriptions.

The BRC said retailers have been preparing their systems for many months to process the extra security checks.

Tom Ironside, director of business and regulation at the BRC, said: "Retailers have been working hard to prepare for the strong customer authentication requirements, ensuring online purchases are both as safe and easy as possible.

"The BRC and our members have worked with suppliers to ensure multiple fraud checks are performed behind the scenes and any additional friction is kept to a minimum.

"Customers should be reassured that buying online has never been safer."

Fergal Parkinson, Director of TMT Analysis, said: “While any consumer protection measures are to be welcomed, this is merely the tip of the iceberg. The new rules don’t go far enough and still leave the door wide open for potential simswapping – an increasingly common technique adopted by fraudsters where they intercept authentication text messages.

“Retailers should not be relying just on basic two-factor authentication – sending passwords to a device in order to log in - to keep customer details secure. Ensuring that devices are linked to a specific person is a much more secure approach which dramatically reduces risk to both customers and retailers.

“Crucially, this needs to be done at account creation or registration not just at point of sale to avoid the tricky position PayPal recently found itself in, where 4.5m fake accounts needed to be weeded out after they’ve already committed fraud, rather than focusing on preventing it from occurring in the first place.”

To keep up to date with the latest consumer news join our Money Saving Scotland Facebook group here, follow Record Money on Twitter here, or subscribe to our twice weekly newsletter here.

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.