Enter the card number, the validity date and a three-digit security code – and you're done. For a long time, paying with Credit card on the Internet. As of Monday, 15. March, this is now a thing of the past. Then online merchants – except for very small amounts of up to 30 euros – are obliged to higher security standards obligated. Consumers will have to adapt.
Why is the credit card payment process in online retail changing??
The background is a decision of the European Union. With the "Second Payment Services Directive" (PSD 2), the Payment transactions in the EU become more secure. Stricter requirements now apply to shopping on the Internet. The first stage of PSD 2 came into force on 14 January 2009. September 2019 in force. It was valid for online banking.
Because retailers reported a significant need for adaptation, the new obligations for card payments on the network were stretched out in time. In full effect from the 15. March. It is estimated that around 32 million credit cards are in use in Germany.
Customers must explicitly approve all payments of 30 euros or more, thus proving their identity twice. Even if a credit card is deposited with payment service providers such as Paypal or Amazon Pay, a second security factor must be used. This is done with a so-called Two-factor authentication.
The second proof can be implemented, for example, with an app for a smartphone, a generator device or an SMS message. Technically possible are also procedures such as fingerprint, barcode or facial recognition.
As a rule, a payment is released by confirming it at the touch of a button or by entering a transaction number, or TAN for short. "If no second factor is required for the payment, it may no longer be executed," says legal expert Julia Gerhards from the consumer center Rhineland-Palatinate.
Why do the new rules increase security?
There are two reasons for this: Credit card numbers, including the holder's name, expiration date and three-digit security code – which is printed on the back of the card – are often stolen by criminals, especially on the Internet. About a week ago, for example, a major German online store reported the loss of tens of thousands of data records. "These packages are then sold by the criminals. The ie Identity theft is huge," says Julia Gerhards.
Until now, these data were often sufficient to cash in. With two-factor authentication, however, there is now firstly a physical safeguard by entering further data. And secondly, in the background runs a technical, complex process off, "which enables a dynamic linking of the payment on the Internet with the specific purchase transaction," Gerhards explains. Without this link, the payment will not be triggered. This innovation is crucial, but little known, he said.
Risk of credit card fraud to be mitigated
In addition, PSD 2 strengthens the position of the consumer through another innovation: If there is no functioning two-factor authentication, the cardholder is no longer liable for possible damages due to data misuse.
"Two-factor authentication is less convenient, but it can really save credit card holders from a lot of hassle," sums up Julia Gerhards. For the victims, fraud with stolen card data has so far mainly involved Stress and effort were associated with. This had ranged from the chargeback of the money to the criminal complaint to the police.
Online retailers also welcome two-factor authentication. "The introduction diminishes the Risk of credit card fraud on the Internet in Europe is considerable," says Birgit Janik, Tax, Finance and Controlling Officer at the German E-Commerce and Distance Selling Trade Association (bevh). The bevh regrets that the second factor is not a global requirement. For example, stolen card data could continue to be used in countries outside of Europe.
Are there exceptions to two-factor authentication??
These exist. According to the Association of German Banks (BdB), these depend on the decision of the bank from which a customer obtains his payment card. For example, if consumers store more frequently at the same online store, a financial institution can reportedly refrain from releasing the payment there with two factors each time.
"This requires a list on which the customer approves corresponding stores," explains Julia Gerhards. Even with Payments under 30 euros could be dispensed with the second factor.
What can I do if my card payment in the network from the 15. March no longer works?
If customers can no longer make a payment by card, there are four possible reasons for this: The merchant has decided against card payments in view of the strict security requirements, or he has failed to convert his store system accordingly. But perhaps shoppers have not yet agreed on a second factor with the bank or credit card provider, or have not used this in the Online banking not unlocked.
"The only thing that helps here is to contact the bank or the card provider," says Gerhards. In addition, consumers can switch to alternative payment methods, such as direct debit or purchase on account. These are not affected by the strong authentication.
How are customers set up for the innovations?
The Rhineland-Palatinate Consumer Center ames that many cardholders are already aware of two-factor authentication. The German E-Commerce and Distance Selling Trade Association, however, reports other experiences.
Many online stores have switched their card payments since the phased introduction of two-factor authentication in January. According to Birgit Janik, there has been a drop in the conversion rate of up to 50 percent. This means that sometimes every second payment transaction aborted when the second factor was called up. "The reasons here are not just technical problems," says Janik. They would also find themselves with the customer who had not yet verified his credit card for payment on the Internet.