Thousands of online shoppers could lose out on Christmas deals if they don’t have a good mobile phone signal and in turn fail to verify their transaction in time with their banks’ one time pass code sent via text message.
Earlier this year This is Money revealed that online shoppers would soon require text message confirmation to complete some purchases online.
However, we warned that there were concerns that the system will frustrate customers looking to make a quick online purchase, especially if they live in areas where the signal is poor.
Frustration: Online shoppers could be left frustrated if poor signal thwarts their ability to authenticate transactions with codes sent from their bank via text message
The alternative authentication process has been created to help prevent fraud while still enabling customers to make online purchases safely.
It is replacing the current system which often makes online shoppers enter characters from a ‘Verified by Visa’ password they’ve created for some transactions.
It’s set to be introduced under the European Union’s second Payment Services Directive (PSD2) and will apply from 14 September, 2019 – but some banks have already begun rolling it out.
However, the system isn’t yet fool-proof. This is Money has in the past revealed how easy it is for fraudsters to spoof messages from banks and other financial institutions to dupe unwitting customers.
What’s more, the system isn’t ideal for everyone as not all shoppers have a mobile phone or a good enough signal at home to get the banks’ authentication messages.
What is two-factor identification?
Two-factor authentication is a second layer of security which is used to protect an account, system – and in this case, transactions online.
It increases the safety of online accounts by requiring two types of information from the user, such as a password or Pin, an e-mail account, credit and debit card or fingerprint, before the user can log-in or transact.
Not all transactions will result in online shoppers having to verify their purchases in this way.
Low value transactions under €30 (about £27) will not trigger an authentication message from the bank.
However, multi-factor authentication will still be required once your total payments exceed a cumulative value of €100 (£89) or if you’ve made five payments of up to €30 (£27).
If your bank has achieved a good fraud rating, UK Finance added that they could choose to allow higher value purchase limits up to €500 (£446) that will also not trigger authentication messages.
Some payment providers, such as Santander and First Direct already widely use multifactor or two-factor customer authentication for online transactions, while others will be implementing the changes ahead of next September’s deadline.
A spokesperson for Santander said: ‘Santander currently uses strong customer authentication for some high-risk payments – which could include some online purchases.
‘This is designed to keep our customers’ money safe from fraud which is our top priority.
‘The majority of commonly used transactions however, don’t require a mobile passcode.’
A spokesperson for First Direct explained: ‘Customers whose online purchases need to be authenticated are currently sent a one-time passcode to their registered mobile phone by SMS.
‘They’ll need to input this code in order to proceed with the purchase. We do have alternative processes for customers who cannot use this method, and they may be required to call us to authenticate.
‘We regularly enhance our systems and procedures to protect customers from credit card fraud and unauthorised use, while remaining as user-friendly as possible.’
While it does not have any regulatory powers, UK Finance a trade association which represents the banking and finance industry is urging its members to have an alternative in place such as phoning customers to check purchases or making use of biometric data.
A UK Finance spokesperson said: ‘These changes are aimed at further enhancing payment security and reducing fraud.
‘The requirements will include exemptions for low-risk and low-value transactions to help prevent any unnecessary inconvenience for customers.
‘UK Finance is working closely with the Financial Conduct Authority to advise firms on implementing these changes in a way that helps combat fraud while delivering the best possible experience for customers.’