Online payments with credit card only possible via 2FA in the future

Do you like to pay online with your credit card? That is about to get a little more complicated: your card data alone will no longer be sufficient. To complete a transaction, you will now have to confirm it using two-factor authentication (2FA).

Stricter security regulations

People who like to pay online with their credit cards often do so out of convenience. Once the card is saved, payment can be made quickly and easily with a single click. But one man’s joy is another man’s sorrow: quite a few criminals have taken advantage of this convenience, and spying out the card data is no problem for shrewd experts. To ensure maximum security, the German Federal Financial Supervisory Authority (BaFin) has now made two-factor authentication mandatory even for small amounts (under 150 euros). Compared to the previous payment process, this is a real quantum leap. For many, however, it is also likely to be an unwelcome change. After all, until now you needed nothing more than your credit card number and check digit to start shopping online. An example from Japan shows how risky this payment method is. There, a seller simply memorized his customers’ card data. After the payment process, he then blithely shopped on the Internet at their expense.

Implementation is the responsibility of banks

It is inevitable that 2FA will become mandatory. How this BaFin requirement is implemented is up to the banks themselves, so the approach differs from institution to institution. Some banks rely on a TAN, which the customer must enter when shopping online to authorize the payment. This series of numbers is sent by SMS, for example. Other banks require a separate app. Here, the payment is verified either by entering a PIN or, alternatively, by taking a photo of a QR code or barcode. Other options are also conceivable, such as the smartphone’s fingerprint sensor or facial recognition.

One of the most convenient and secure methods of 2FA is probably Apple’s Face ID.

Banks themselves are not required to request 2FA for every single transaction. Institutions can dispense with the security query in exceptional cases. This is the case, for example, if the customer regularly makes purchases from one and the same provider. In this case, 2FA at regular intervals should suffice. The same applies if the purchase amount is less than 30 euros.

Early idea – late implementation

2FA for credit card payments is by no means a new idea. The obligation for banks has been in place since September 14, 2019; the requirement for so-called “strong customer authentication” is intended to create comprehensive protection for EU citizens when shopping and banking online. However, BaFin granted a delay until the end of last year, because some providers needed time to put the new requirements into practice. Now, after a year and a half, the long road to greater security on the Net has come to a successful end. We can only hope that the security benefits will outweigh the extra effort when paying.

Simon Lüthje

I am co-founder of this blog and am very interested in everything that has to do with technology, but I also like to play games. I was born in Hamburg, but now I live in Bad Segeberg.