What is Strong Customer Authentication?
The EU’s revised Payment Services Directive (PSD2) will make strong customer authentication for all payment providers a legal requirement from 14 March 2022.
Strong Customer Authentication (SCA) is a new set of rules that will change how you confirm your identity when making purchases online. Next time you shop or bank online, you may need to undertake an extra step to confirm it’s really you. This could mean your bank or provider using a number of ways to verify a purchase or login such as a passcode via text message, receiving a phone call to your landline, a card reader or using an app on your smartphone. SCA is being introduced to help further reduce fraud. With increasing amounts of purchases being made online, these new rules will provide the extra protections necessary to ensure that customers are safe when purchasing online and their money is better protected.
What does it mean for customers?
These rules will apply to you when you’re making an online purchase or banking online. When buying items from online retailers, you may receive a text message from your bank or provider containing a passcode. You will then be prompted to enter this code on screen before your payment will be taken. Your bank or provider should also offer alternative ways of confirming who you are. These can include a call to your landline phone, a card reader, or using your banking app on your smartphone, if you have one. When using online banking, you will be asked to verify who you are in a similar way as for online shopping. If you bank via an app you may have already provided the authentication needed by using your fingerprint, a code, or facial recognition to log in. You may not be asked to prove your identity in this way for every transaction.
I don't have a mobile phone. How can I verify my identity?
Your bank will offer appropriate arrangements to help you verify your identity. This could mean your bank or provider using a number of other verification methods such as receiving a phone call to your landline or a card reader. Please contact your bank or provider to update your details and to discuss other options.
Do these rules only apply to online purchases?
Whilst the biggest changes you’re likely to see are online, SCA will also apply in a face to face environment. As Chip & PIN is a familiar way of proving your identity, for most purchases you won’t have to do anything different. However, if you make contactless payments, SCA may mean you have to input your PIN slightly more often. These rules don’t apply to travel, so your regular contactless payments for the bus, train or tube won’t be affected.
I buy online from the same websites regularly. Will I have to prove my ID every time?
In future, you may have the opportunity to add some sellers to a ‘trusted beneficiary’ list, meaning that you will not need to go through SCA when purchasing from that store or organisation. However, if your bank or provider suspects unauthorised activity (such as an unusually large order or delivery to a different address) they may still ask you to confirm your identity. Please note that the implementation date for this feature will vary, depending on your bank or provider and the merchants involved. Why is my bank/provider making it harder for me to shop online? SCA is being introduced to help further reduce fraud. With an increasing number of purchases being made online, extra protections are necessary to ensure that customers are safer, and their money better protected.
Is every payment I make going to be affected?
Not all payments will be affected. Non-electronic payments, such as cash and cheques, are not in scope of these changes. All purchases made by telephone (for example, buying from a catalogue by calling the company and giving your details over the phone) are not in scope. Automatic payments that you make regularly to the same provider (e.g. a subscription to online streaming platform) do not require SCA. You may still be asked for additional identity checks when initially setting up these payments. Low value payments (under £25), including those made on contactless cards, do not always require strong authentication. However, if you have made multiple payments within a short period of time, you may be asked to authenticate. For contactless, this will mean entering your PIN.