Faced with an explosion of fraud (20 times higher online than in local stores), bank card issuers, banks, payment operators, online merchants, etc. have been required since Saturday to deploy a device known as “strong authentication” to a customer during payments Electronic or sensitive banking operations.
This consists of requiring two security standards to be validated by the customer during online payment: the use of a single code received by SMS will no longer be sufficient and will have to be gradually enhanced by new solutions.
Concretely, when paying online, the customer on a pre-identified phone will receive a notification inviting him to authenticate, either by entering a personal code, or by taking a biometric fingerprint of equipped mobile phones (fingerprint, facial recognition, or iris recognition). .
“For customers who do not have a smart phone, banks offer alternative solutions such as using one-time SMS messages along with a password that the customer knows, or using a physical device. Dedicated,” confirms the Banking Union.
The strong authentication really relates to sums in excess of € 500 since February 15, € 250 since March 15 and transactions over € 100 since April 15.
Thus, gradually from this weekend, and finally after four weeks of adjustment, banks will be able to reject any non-compliant transaction.
However, online merchants may request an exemption from strong authentication under certain circumstances. For example, transactions that are less than 30 euros or are considered low-risk, such as regular payments of subscriptions or directed to a beneficiary previously authorized by the consumer in his banking application.