Credit card payment: Two-factor authentication is now mandatory

January 02, 2021 – 6:25 PM hour

€ 500,000 gold: Pietro Lombardi exposes credit card fraud

It’s an unbelievable sum: singer Pietro Lombardi just told his fans that he’s been a victim of a credit card fraud. “Half a million euros were stolen from me,” he declared on Instagram.

The 28-year-old did not comment on the crime. But the truth is: if you shop online with a credit card, you need to pay special attention to security. The so-called two-factor authentication should help – it’s been legally mandatory since this year. We explain exactly how this works here.

More effort for more security

Anyone wishing to use one of the 33 million credit cards circulating in Germany for online purchases should familiarize themselves with one more step: two-factor authentication (2FA). This means that banks comply with the requirements of the European Union Payment Directive (PSD 2). Although this came into effect in 2019, many online retailers have been tumultuous Financial test But it has not been prepared enough for the change. Therefore, the Federal Financial Supervisory Authority granted them a postponement until the end of 2020.

In the past, you didn’t even have to use your credit card to go shopping or book a flight online. If you have the card number, verification number, and expiration date, you can get started. But since data can fall into the wrong hands, for example through a hacker attack or online retailer’s vulnerabilities, security has now been increased – through two-factor authentication. The risk of fraud and abuse should be reduced in this way.

See also  Indie's Lies: Slay The Spire-style roguelike hits mobile and PC

SMS tan method is the most used

Depending on the credit card provider, the so-called 3D protection operation has different names, for example:

  • Visa: “Verified by Visa”
  • Mastercard: “Mastercard Identity Verification”,
  • American Express: Safekey

As a general rule, customers are required to approve payments with a one-time (TAN) transaction number. Financial institutions offer various procedures, most of which are performed via cell phones. Banks surveyed by Finanztest reported that they use SMS Tan method. This also works on older devices, so a smartphone isn’t always necessary.

Other banks offer to build tanning with a ChipTan generator, which customers must purchase and activate in advance. American Express Card users can also email them a tan. In the Berliner Volksbank, Deutsche Bank, DKB and Frankfurter Volksbank no tan is created. It is enough for customers to open their app with their fingerprint or password and confirm the payment.

Registration is mandatory

Credit card users must take action themselves and register for 3D Secure procedure on bank websites. Then the identification code is requested, which is sent to the customer within a cent, via a sales display on the credit card invoice or by mail.

Anyone who chooses the Tan process via smartphone must now install the appropriate app from the concerned bank. Regardless of which method is chosen, to complete registration, the code must be entered on the bank’s registration website. If all goes right, then the specified action is activated.

The card is gone? Was it banned immediately!

If the new method of online shopping is used, the store will redirect the customer to a website with a secure 3D method connected to the customer’s bank. For the customer, an input window opens in the browser informing the customer of how to accept the payment. If the ID is correct, the bank confirms that it is the rightful owner of the card. Then the purchase is complete. Bank details are only sent between the bank and the 3D Secure website. During this time, the merchant cannot access the data.

See also  Apex Legends Mobile reportedly generated about a third of CoD Mobile's first week's revenue

But despite the extended security measures, credit card users are only allowed to enter their customer data on encrypted websites. If the card is lost, it should still be blocked immediately. Otherwise, the bank cannot be held responsible for damages due to fraud or abuse. Finanztest also recommends this if an identification medium, such as smartphone, cell phone, Photo-, or ChipTan is missing.

Brooke Vargas

"Devoted gamer. Webaholic. Infuriatingly humble social media trailblazer. Lifelong internet expert."

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top