New Anti-Fraud Measures Launched In Retail And Financial Sectors

Lenders and credit card companies are gradually starting to roll out new measures to reduce card fraud.

Strong Customer Authentication (SCA) originates from an EU directive designed to reduce payment card fraud across the continent. To accept payments once SCA goes into effect, customers will need to build additional authentication into their checkout flow. SCA requires authentication to use at least two of the following three elements:

  • Something the customer knows e.g. password or PIN
  • Something the customer has e.g. phone or hardware token
  • Something the customer is e.g. fingerprint or face recognition

Banks will need to start declining payments that require SCA and don’t meet these criteria.

Under SCA, if an online shopper spends more than about £28 in one transaction, they will be asked for an extra form of verification. This will usually be sent by your bank as a one-time password by text to a mobile phone.

It was expected that the first banks would start declining payments without two-factor authentication on 14th September. But many retailers and banks said that the 14 September start date was unrealistic. Therefore, the Financial Conduct Authority has effectively delayed it, saying that it won’t enforce the law until March 2021. However, it still expects providers to gradually introduce the measures over the next 18 months. When you start noticing changes will depend on who you bank with and where you shop.

The British Retail Consortium estimated that the number of e-commerce transactions in the UK would fall by 25-30%, if providers were not ready for the changes.

Andrew Cregan, the British Retail Consortium’s payments policy advisor, commented:

“You could have seen online transactions abandoned due to people simply not receiving the passcode if their bank didn’t hold the correct phone number or if there was no mobile signal.”

Providers are increasingly likely to contact you to remind you about SCA changes over the next 18 months. Have you been asked by your bank recently to add another layer of authentication to complete an online transaction?