Whenever you use your credit card to make an online payment, there are various ways of validating the payment: you can, for example, use your LuxTrust token, confirm with a password and a code from your token or a code received via SMS.
These are all security measures put in place to reduce the risk of credit card fraud, to ensure that the person making the purchase is really the owner of the credit card and the related bank account.
The EU Directive which governs payments, the Payment Services Directive (PSD2) contains (amongst a very wide range of dispositions) rules as to how payments are made, and one of the points directly related to online purchases is Strong Customer Authentication (SCA).
This means that to prove that they are really the owner of the credit card, users will have to provide at least two separate elements out of the following three:
- Something you know (a password)
- Something you own (a mobile phone or a security token)
- Something you are (your biometric identity – fingerprint, iris scan)
SCA applies to all customer and online merchants within the EU and the EEA.
The authentication method using card details and SMS is being phased out and it is important that you have the necessary tools in place by 1 January 2021 – if not, you may risk having payments declined, a frustration that can be avoided by taking the necessary measures now. It should be noted that transactions made at point of sale (e.g. in the store) will not be affected by this change.
If you are a customer who wants to make online purchases, we invite you to contact your bank to find out what steps (if any) you need to take.
If you are a merchant who want to sell your goods or services online, please ensure that you have put the necessary protocols in place. If in doubt, please contact your payment services provider.
Head of Communication
Tel: 46 36 60-319