Do you like to pay online with your credit card? That is about to get a little more complicated. Your card details alone will no longer be sufficient. To complete a transaction, you will now have to confirm it using two-factor authentication (2FA).
Stricter security regulations
People who like to pay online with their credit cards often do so out of convenience. Once the card is saved, payment can be made quickly and easily with a single click. But one man’s joy is another man’s sorrow: quite a few criminals have taken advantage of this convenience. Spying out card data is no problem for skilled attackers. To ensure maximum security, the German Federal Financial Supervisory Authority (BaFin) has now made two-factor authentication mandatory even for small amounts (under 150 euros). Compared to the previous payment process, this is a real quantum leap. For many, however, it is also likely to be an unwelcome change. After all, until now you needed nothing more than your credit card number and check digit to start shopping online. An example from Japan shows how risky this payment method is. There, a seller simply memorized his customers' card data. After the payment process, he then blithely shopped on the Internet at their expense.
Implementation is the responsibility of banks
It is inevitable that 2FA will become mandatory. How this BaFin requirement is implemented is up to the banks themselves, so there are differences between the institutions. Some banks rely on a TAN (transaction authentication number). The customer must enter this number when shopping online to authorize the payment. The number is sent by SMS, for example. Other banks require a separate app. Here, the payment is verified either by entering a PIN or, alternatively, by taking a photo of a QR code or barcode. Other options are also conceivable, such as the smartphone’s fingerprint sensor or facial recognition.
Banks are not required to request 2FA for every single transaction. The institutions can dispense with the security query in exceptional cases. This is the case, for example, if the customer in question regularly makes purchases from one and the same provider. In this case, 2FA at regular intervals should suffice. The same applies if the purchase amount is less than 30 euros.
Early idea – late implementation
2FA for credit card payments is by no means a new idea. The obligation for banks has been in place since September 14, 2019; this so-called “strong customer authentication” is meant to create comprehensive protection for EU citizens when shopping and banking online. However, BaFin granted a delay until the end of last year. The reason was that some providers needed time to put the new requirements into practice. Now, after a year and a half, the long road to greater security on the Net has come to a successful end. We can only hope that the security advantages will outweigh the extra effort when paying.