They’re supposed to prevent fraud, but new online payment checks drove TOBY WALNE insane: “I had to enter 45 digits just to pay for my parking spot!”
- Anyone buying online may now need to verify the transaction with their bank
- This is done by entering a code that is sent to the mobile phone by the bank
- All part of a major crackdown on push payment fraud by online criminals
- Record £754million stolen in the first half of last year
Online shoppers are now required to enter up to 45 separate card and security numbers to purchase a single item, amid strict new measures put in place by banks to combat fraud.
So-called “Strong Customer Authentication” (SCA) rules that have just been introduced mean that anyone buying an item over the internet may now have to verify a transaction with their bank before the payment is approved.
This is done by entering a code that is sent to the mobile phone by the bank – in addition to the bank card details that they are already required to provide.
Code red: Toby Walne is struggling with the new security system on his phone
As we show in the box, I had to enter a whopping 45 numbers before paying to park at my local station in Bishop’s Stortford, Hertfordshire.
This included the code to unlock my phone, my bank card numbers and an authentication code from the bank.
I found it fiddly, time-consuming, and prone to repeated typos — and almost missed my train.
Yes, it is ultimately in my best financial interest. But so frustrating! I’ve been wondering how much convenience we’re willing to give up for more security on the internet.
It’s all part of a major crackdown on online criminals who stole a record £754million in the first half of last year through activities involving so-called push payment scams.
Here, customers are tricked into making online purchases that turn out to be fraudulent, or goods and services are purchased with a stolen ID card.
The scale of this scam has increased by almost 30 per cent compared to the £582million stolen in the first six months of 2020.
The extra layer of security provided by SCA rules has been added to make it harder for criminals to use stolen personal information for fraudulent purchases.
By sending a payment verification request to a customer, it alerts them when a criminal is using their account to scam them.
While the added security is welcome, many may find it excessive to have to enter up to 45 separate numbers to approve a single purchase.
Jana Mackintosh, manager at UK Finance, says: “Payment fraud is a rapidly growing problem. It was important to introduce this strong customer authentication as an additional layer of security.
“Customers should have peace of mind knowing that they can pre-authorize payments to be debited from their bank account or credit card.”
The extra protection is part of a European Union “Payment Services Directive” passed by the UK to make online shopping safer.
This is what’s known as “two-factor authentication,” which requires entering a six-digit code that’s sent to a customer’s cell phone to confirm a purchase.
This authentication can also be done via a phone call or a fingerprint taken in a mobile banking app.
Consumer groups welcome the extra layer of security despite the extra effort involved. However, they warn that consumers must remain wary of falling victim to online scams.
Jenny Ross, money editor for consumer group Which?, says: “We have long urged banks to implement additional payment protections such as strong customer authentication.
“These new rules could make a big difference when it comes to tackling certain types of online fraud.”
But she adds: “Improved security could also come at the expense of customers who don’t use mobile phones. Banks need to make sure they offer solutions for all customers.’
Which? is also concerned that scammers may see SCA as an opportunity – and that there could now be a rise in fake texts, calls and emails claiming to be from “your bank” as criminals use these new security controls as hooks to Steal your personal banking details.
That means customers need to be extra vigilant when they receive unsolicited text messages and emails.
That added layer of friction could also make shoppers think twice before making a purchase — something they might appreciate after the all-too-simple convenience of swiping a contactless card that encourages impulse buying.
Luckily, the need to have so many numbers on hand or in your head might only be a short-term concern – as biometric identification is expected to become more widespread as a double-check solution within the next decade as new technologies are introduced.
Fingerprints, iris scanning and facial recognition technology are already being used in banking apps and passport control, with the industry looking to innovate further to weed out fraudsters in the future.
The National Cyber Security Center (NCSC) was set up six years ago by Government Communications Headquarters (GCHQ), which also oversees the security agency MI5 and the intelligence agency MI6.
Sarah Lyons, Director at NCSC, says: “It is important that consumers can be confident that security measures are in place to protect their day-to-day transactions.
The additional authentication now required adds an important layer of security to fight cybercrime.’
The NCSC notes that alternative authentication options are also being explored — including iris recognition, which can capture images of the eye using infrared light.
Fingerprint reading is another option. Such technology could be more widely adopted in the future. Anyone who thinks they have been scammed should contact their bank immediately.
Most banks have signed up for the “voluntarily authorized push payment fraud code”, which means they must take steps to keep fraud to a minimum.
If you believe your bank was negligent in stopping a fraudulent payment and failed to provide a satisfactory explanation, contact the Financial Ombudsman Service. You should also contact Action Fraud and report the online scam.
They’re designed to prevent fraud, but online payment verification is frustrating
Source link They’re designed to prevent fraud, but online payment verification is frustrating