Online shoppers may find they need to confirm their identity more often when making payments from today.
That’s because new changes to combat online fraud are coming into force.
The new strong customer authentication (SCA) requirements are a set of rules that will change how people confirm their identity when buying things online.
The British Retail Consortium (BRC) said customers will be asked to prove their identity when making a purchase, by confirming two of three ‘factors’.
- Something they are – using a fingerprint or facial ID, for example;
- Something they know, such as a passcode or password;
- Something they have, perhaps their mobile phone.
It means that, for example, customers may now find they are asked to verify a purchase via text message more often, receiving a passcode which they are then prompted to enter on screen.
Other confirmations could include answering an automated phone call to a landline or mobile.
A spokeswoman for banking and finance industry trade association UK Finance said SCA ‘is an important tool in the fight against fraud, adding an additional layer of protection when people pay online using a card’.
She continued: ‘When a customer makes a payment online, their bank or payment provider will need to verify who they are before the transaction will go through.
‘This can be done in a number of ways, including a one-time password sent via text, receiving a phone call, or signing into a bank app.
‘Customers should make sure their bank has their correct contact details.
‘If a customer has any specific needs, they should contact their bank to discuss what help is available.’
While the changes have applied to some transactions for some time, the proportion of transactions for which SCA requirements apply has been steadily increasing since the start of this year as merchants and payment service providers prepare to comply.
The SCA requirements were previously announced in September 2019.
The BRC said that with increasing amounts of purchases are being made digitally, it is hoped SCA will help reduce fraud and better protect customers and their money when shopping online.
Some types of transactions are exempt from strong customer authentication, meaning customers may not always be asked to complete extra security steps.
These may be purchases deemed ‘low risk’ of fraudulent activity, such as when buying low cost items, or repeated purchases such as subscriptions.
The BRC said retailers have been preparing their systems for many months to process the extra security checks.
Tom Ironside, director of business and regulation at the BRC, said: ‘Retailers have been working hard to prepare for the strong customer authentication requirements, ensuring online purchases are both as safe and easy as possible.
‘The BRC and our members have worked with suppliers to ensure multiple fraud checks are performed behind the scenes and any additional friction is kept to a minimum.
‘Customers should be reassured that buying online has never been safer.’