From February 1, credit card payments that exceed 30 euros will require double authentication; that is, the presence of two security measures to increase the protection of bank users and the operations themselves.
In reality, the measure should have been implemented on January 1, 2021 (the regulation entered into force in September 2019, in fact), but the deadlines were made more flexible to minimize problems as the sector was not fully prepared.
The measure, known as Strong Customer Authentication (SCA, its acronym in English), will affect both face-to-face stores and online businesses and is included in the regulation on payment services for all of Europe, as explained on the website of the Community of Madrid.
Strengthened authentication includes "many of the banking operations that we carry out daily, such as access to our account on the internet, electronic payment, card payment in an establishment, as well as actions that are carried out from a remote channel and can pose a risk of payment fraud".
Broadly speaking, what this protection does is add a second lock: an additional step when it comes to verifying that whoever uses a card really owns it.
Similar protections are already used by several social networks and online services, which send a one-time code to the user's phone after the user enters the correct password.
In this case there will be three "independent" elements: knowledge, possession and inherence. At least one of them must preserve the confidentiality of the rest, not be replicable, not be reusable and not be something that can be stolen online.
Thus, knowledge would be something that only the client knows, such as a key, code or the answer to a specific question. For its part, possession would refer to an object that the client has (the most common would be a mobile phone), while inherence refers to something of the person themselves, such as their fingerprint or their face in facial recognition systems.
When making a card payment we will be asked for one more step
In practice, what this will mean is that when we go to make a payment of more than 30 euros, in addition to entering the password, we will be asked for one more step, which may be to enter a code received on the phone.
If the payment is not made with a card, but with the mobile, the measure could be to request the fingerprint (the phone itself could do it, since it would combine possession of the phone with inherence).
In addition, double authentication could also be required for payments under 30 euros if they have already been made at least five times or if they have already exceeded 100 euros in purchases after the last time this additional step was requested.
However, there will be exceptions: periodic subscriptions (services such as Netflix, HBO or Spotify, for example), some contactless payments in establishments (where the limit will be 50 euros) and operations in which the payment has been initiated by phone or email.
One of the most notable changes will be the access and use of payment accounts, which will mean that when making transfers or payments with the account, an additional password could be requested in addition to the service password itself.
The most normal thing would be to have to enter a code received on the mobile.
The same will happen when making a purchase online or in person.
There will be a maximum of five attempts to apply strong authentication, which must also be 'resolved' within five minutes: this will be the maximum waiting time when a validation code sent to the phone has to be entered.
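The attempt limit and time window described above, as an added example (not from the article or from any bank's code): a one-time-code challenge that allows five tries, expires after five minutes and cannot be replayed once accepted. The six-digit code length, the class name `OtpChallenge` and the result strings are assumptions made for illustration.

```python
import hmac
import secrets
import time

MAX_ATTEMPTS = 5            # article: maximum of five attempts
VALIDITY_SECONDS = 5 * 60   # article: must be resolved within five minutes


class OtpChallenge:
    """One challenge for one payment (hypothetical class, not a bank API)."""

    def __init__(self, now=None, code=None):
        self.issued_at = time.monotonic() if now is None else now
        # Six digits from a CSPRNG; the length is an assumption.
        self._code = code or f"{secrets.randbelow(10**6):06d}"
        self.attempts = 0
        self.state = "pending"   # pending -> verified | locked | expired

    def verify(self, submitted, now=None):
        now = time.monotonic() if now is None else now
        if self.state == "verified":
            return "used"                    # single use: no replay
        if self.state in ("locked", "expired"):
            return self.state                # terminal: issue a new challenge
        if now - self.issued_at > VALIDITY_SECONDS:
            self.state = "expired"
            return "expired"
        self.attempts += 1                   # count the try before comparing
        # Constant-time comparison avoids leaking matching prefixes.
        if hmac.compare_digest(submitted.encode(), self._code.encode()):
            self.state = "verified"
            return "ok"
        if self.attempts >= MAX_ATTEMPTS:
            self.state = "locked"
            return "locked"
        return "wrong"


if __name__ == "__main__":
    # Constructed demo: fixed code and clock so the outcome is reproducible.
    ch = OtpChallenge(now=0.0, code="123456")
    print(ch.verify("000000", now=10.0))
    print(ch.verify("123456", now=20.0))
    print(ch.verify("123456", now=30.0))
```

Once a challenge is locked or expired, even the correct code is refused, so the payment has to start again with a fresh challenge.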