They’re meant to stop fraud, but online payment checks are frustrating
They’re supposed to stop the fraud, but TOBY WALNE was hit by the new online payment checks: “I had to type in 45 digits to pay for my car park – and I just got on my train!”
- Anyone buying on the internet may now need to verify the transaction with their bank
- This is done by typing in a code sent to their mobile phone by their bank
- This is all part of a major crackdown on push payment scams from online criminals
- Record £754m stolen in first half of last year
Online shoppers now have to enter up to 45 separate card and security numbers to buy a single item under tough new measures introduced by banks to tackle fraud.
The so-called “Strong Customer Authentication” (SCA) rules, which have just been rolled out, mean that anyone buying an item over the internet may now need to verify a transaction with their bank before payment is cleared. approved. This is done by entering a code sent to his mobile phone by his bank – in addition to the bank details he must already provide.
As we show in the box, right, I had to type in a staggering 45 numbers before I could pay to park at my local station in Bishop’s Stortford, Hertfordshire. These included the code to unlock my phone, my bank card numbers and a bank authentication code.
Code red: Toby Walne struggles with his phone’s new security system
I found it tedious, time-consuming, and prone to repeated typing errors – and it almost caused me to miss my train.
Yes, it is ultimately in my best financial interest. But so frustrating! It made me wonder how willing we are to give up convenience for better online security. It’s all part of a major crackdown on online criminals who stole a record £754million in the first half of last year through activities that included so-called push payment scams.
This is where customers are tricked into making online purchases that turn out to be fraudulent or goods and services are purchased using a stolen ID card. The level of this fraud has increased by almost 30% from the £582million stolen in the first six months of 2020.
The extra layer of security provided by SCA rules has been added to make it harder for criminals to use stolen personal data to make fraudulent purchases. By sending a payment verification request to a customer, it alerts them if a criminal is using their account to defraud them. While the added security is welcome, having to enter up to 45 separate numbers to approve a single purchase might seem like overkill to many.
Jana Mackintosh, head of banking trade association UK Finance, says: “Payments fraud is a rapidly growing problem. It was essential to introduce this strong customer authentication as an additional level of security.
“This should give customers peace of mind that they can pre-approve payments about to be taken from their bank account or credit card.”
The extra protection is part of a European Union ‘Payment Services Directive’ adopted by the UK to make shopping online safer.
It’s “two-factor authentication” that requires entering a six-digit code sent to a customer’s mobile phone to confirm a purchase. This authentication can also be done via a phone call or a fingerprint made on a banking application on a mobile phone. Consumer groups welcome the added layer of security despite the added hassle it entails. But they warn that consumers should still be careful not to fall victim to online fraud.
Jenny Ross, editor of consumer group Which?, says: “We have long been asking banks to introduce additional payment protections such as strong customer authentication.
“These new rules could make a big difference when it comes to fighting certain types of online fraud.”
But she adds: “Improved security could also have a cost for customers who do not use mobile phones. Banks must ensure that they provide solutions to all customers.
Who? is also concerned that scammers may view SCA as an opportunity – and that there may now be an increase in fake text messages, calls and emails claiming to be from “your bank” as criminals use these new security checks as a hook to steal your personal banking details.
This means customers need to be extremely vigilant when receiving unsolicited text messages and emails.
This added layer of friction could also make shoppers think twice before making a purchase, which they may appreciate after the all-too-easy convenience of using a contactless card that encourages impulse purchases.
Luckily, the need to keep so many numbers on hand or in your head might just be a short-term problem – as biometric identification is expected to become mainstream as a double-check solution over the next decade as new technologies are deployed. .
Fingerprints, iris scanning and facial recognition technology are already being used in banking apps and passport checks, with the industry keen to roll out more innovations to weed out fraudsters in the future. The National Cyber Security Center (NCSC) was established six years ago by the Government Communications Headquarters (GCHQ), which also looks after the security agency MI5 and the Secret Intelligence Service MI6.
Sarah Lyons, Director of NCSC, said: “It is essential that consumers have confidence that security measures are in place to protect their day-to-day transactions.
The additional authentication now required adds an important layer of security to combat cybercrime. The NCSC points out that other authentication options are also being explored, including iris recognition, which can take images of the eye using infrared light. Fingerprint scanning is another option. Such technology could be deployed more widely in the future. Those who believe they have been scammed should contact their bank immediately.
Most banks are registered with the “voluntary authorized push payment scam code”, which means that they must take steps to minimize fraud. If you believe your bank was negligent in stopping a fraudulent payment and failed to provide a satisfactory explanation, contact the Financial Ombudsman Service. You should also contact Action Fraud and report online fraud.