Change to authentification of online payments in the UK and EU

Started by Buzzard, February 04, 2019, 12:43:10 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Buzzard

From September 2019, and courtesy of the EU, when you want to make an online purchase your card provider will require additional proof of who you are.  This is to help to combat online fraud which by the way is the banks responsibility.

To provide proof a 6 digit code will be sent to your mobile phone which you then put into the payment screen on your computer and your transaction is complete.

But what happens if:

You don't have a mobile phone or
You live in an area without mobile coverage

Some card providers say:

Facial recognition
Fingerprints
They will e-mail a code (but only for the first 5 transactions after September) or
You can get a code over a landline

But if you don't have a mobile phone or a mobile signal how can you send a selfie or a fingerprint? 

To learn more, not that there's much info out there currently, search for

Strong customer authentication

or ask your card supplier, but don't expect them to have all the answers.

For information there was a piece about this matter on the Radio 4 Money Box programme last night, February 3rd.  Apparently they asked the likes of Visa and Mastercard to participate but they both declined.

So if like me you're in the 5% of people in the UK who don't have decent mobile coverage you might not be buying anything online at home ever again after September.

Now where's my cheque book?  I think I'll be needing it again.

guest311

Now where's my cheque book?  I think I'll be needing it again.


didn't think you could still get one, thought it meant too much work for the banks.


red_death

What you describe with 2 factor authentication via mobile is one method of achieving the requirements of the revised Payment Services Directive, but there are plenty of others. So a mobile isn't necessarily essential (though that may be easiest for the banks).

The PSD requires 2 of 3 from:
Something you know eg password/PIN etc
Something you own eg phone, smart card, token (the latter two have been used by some banks for years anyway)
Something you are eg fingerprint, facial recognition, DNA(!), iris scan etc.  Fingerprint and facial recognition can already be done by increasing number of devices and don't need to necessarily use a mobile signal (but would need some form of ability to pass an electronic token confirming that you've passed the check to whatever device you were paying on) ie the fingerprint/selfie doesn't have to be sent anywhere (just checked against what is already recorded on the device)

So no need to panic yet.

Cheers Mike






CarriageShed

Quote from: Buzzard on February 04, 2019, 12:43:10 PM
To provide proof a 6 digit code will be sent to your mobile phone...

This system is already being enforced by HMRC for self-employed log-ins to their online services. I found it quite intrusive but a two-week search to find a way around it came up with no viable results.

Buzzard

Quote from: class37025 on February 04, 2019, 01:03:11 PMdidn't think you could still get one, thought it meant too much work for the banks.

Got a brand new one last week

themadhippy



QuoteThis system is already being enforced by HMRC for self-employed log-ins to their online services
A sneaky way of linking mobile phone numbers and/or email addresses to  real names and addresses was my first thought,considering you dont have to give either on your self assessment tax return.
freedom of speech is but a  fallacy.it dosnt exist here

daffy

This type of authentication is already in use, as I found today when I logged into my PayPal account to update a Credit Card payment method.

The reason for the update: some  :censored: had recently fraudulently tried to use my existing card details (not, I should add, related to my PayPal account).

I signed in with email and password, was then directed to confirm my mobile number that they had on file was correct, and then they sent a six digit code to that mobile, which I had enter to enter my PayPal account.

Great stuff. :thumbsup: 

Anything like this to protect my accounts, cards and other personal details is fine by me. I live in an area with poor mobile coverage, but so far it's not been a problem, and other methods will have to be made available if it proves problematical in the future, or for those with no mobile.

As for chequebooks - I still have one and have used it just once (two months ago) in the last ten years.
Mike

Sufferin' succotash!

Snowwolflair

Yes and if you use PayPal you wont be asked to authenticate every transaction as PayPal has already authenticated you. 

NB PayPal has a password and to use a credit card online does not, which is why they are introducing it.

guest311

off topic, but some years ago I was in the bank one day, and they were really pushing online banking, entirely for my convenience of course  ;) nothing to do with letting them close branches / make staff redundant / save costs / make more profits  :veryangry:

anyway, the cashier was really pushy about it, so in the end I said

"ok, I change over, when will the computer arrive?"

puzzled look "computer ?"

"yes, of course you could supply a laptop thingy if it's easier, or one that sits on the table, I don't mind really"

"You don't understand, sir, we don't supply you with a computer"

silence for a few seconds ...

"so how do I bank online without a computer ? I haven't got one"

resulted in giggles from the queue behind, and barely concealed anger from the cashier  >:D

for some reason I never got asked that again when I went in  :D

jpendle

Here in the US we've had 2 factor authentication for a while.

You don't need a mobile, just a computer, the verification can be done by mobile, email, or landline.

If you don't have a computer then you won't be making online purchases, and BTW, this is being used more and more here for anything online, getting email, logging into accounts, etc ,etc.

Regards,

John P
Check out my layout thread.

Contemporary NW (Wigan Wallgate and North Western)

https://www.ngaugeforum.co.uk/SMFN/index.php?topic=39501.msg476247#msg476247

And my Automation Thread

https://www.ngaugeforum.co.uk/SMFN/index.php?topic=52597.msg687934#msg687934

PaulCheffus

Quote from: class37025 on February 04, 2019, 01:03:11 PM
Now where's my cheque book?  I think I'll be needing it again.


didn't think you could still get one, thought it meant too much work for the banks.

Hi

I've always had a cheque book and still have one.

Cheers

Paul
Procrastination - The Thief of Time.

Workbench thread
https://www.ngaugeforum.co.uk/SMFN/index.php?topic=54708.msg724969#msg724969

cjdodd

I had this happen the other month.

We were on a works night out, setup a tab at the bar and when I came to pay it (using a phone app) using my corporate credit card it wanted to do 2FA by calling the number my card was registered too. This of course was my work number, which funnily enough no one answered so it refused the transaction.

Newportnobby

Quote from: Buzzard on February 04, 2019, 12:43:10 PM
From September 2019, and courtesy of the EU, when you want to make an online purchase your card provider will require additional proof of who you are.  This is to help to combat online fraud which by the way is the banks responsibility.



No doubt the banks will be informing us of this in November 2019. ::)

chrism

Quote from: Newportnobby on February 04, 2019, 04:44:22 PM
Quote from: Buzzard on February 04, 2019, 12:43:10 PM
From September 2019, and courtesy of the EU, when you want to make an online purchase your card provider will require additional proof of who you are.  This is to help to combat online fraud which by the way is the banks responsibility.



No doubt the banks will be informing us of this in November 2019. ::)

That early?  ;D

Actually, Tesco Bank have already put on their online banking site that they'll be wanting to send a code to a mobile - so, since I live in a poor reception area and therefore don't have a mobile switched on, I've edited my account to remove the mobile number ;)

njee20

Loads of services use two factor authentication already. Apple have been doing it for years. eBay, Microsoft, Autodesk, Google and Goldman Sachs all appear in my phone in the last month with authentication codes. Huge non issue IMO.

Of the 5% of people the OP mentions without good phone signal how are they buying things online? Using a computer with a broadband connection I presume. To which their mobile device can also connect...

Please Support Us!
March Goal: £100.00
Due Date: Mar 31
Total Receipts: £82.34
Below Goal: £17.66
Site Currency: GBP
82% 
March Donations