Do you use your card to shop online? One feature makes these transactions even safer

In October, the Banco de Portugal joined the European Cybersecurity Month, sharing every week a few tips with bank customers on how to protect themselves online.

This week, we suggest a procedure which makes e-commerce card-based payment transactions even safer: strong customer authentication. Do you know what strong authentication is?

Do you use your bank’s home banking or app? As of 14 September 2019, you are probably required to type in other security elements, in addition to your password, in order to access these channels. This new form of authentication is called “strong authentication” and makes transactions even safer.

As of 31 December 2020, strong authentication will also be compulsory in e-commerce card-based payment transactions. From then onwards, your bank is obliged to request you to type in additional security elements. These new authentication procedures may include, for instance, fingerprint and facial recognition, the use of passwords, or a code sent to the customer’s mobile/smartphone.

Where the bank chooses not to implement strong authentication, for instance when making purchases online solely by entering the card details (card number, expiration date or the CVV/CVC code), the user cannot be held accountable if the payment transaction is not processed, and the bank will be held responsible.

What must you do to keep shopping online in safety and comfort?

1. Talk to your bank. Check which authentication elements may be requested.

To continue making e-commerce card-based payment transactions, you must adopt one of the strong authentication solutions made available by your bank. Ask your bank about the authentication elements that it may use to authorise payments.

In strong customer authentication, your bank will request at least two elements from the following categories:

• Knowledge – something only the user knows (e.g. a password);
• Ownership – something only the user possesses (e.g. the mobile/smartphone to which a code is sent via text message);
• Inherence – something the user is, validated by an identifying attribute (e.g. a fingerprint).

 The two elements requested should be from different categories.

2. Check with your bank whether your contact details are up to date.

Keep your details up to date at all times. Specifically confirm that your mobile/smartphone number is associated with your account. This update is key, for instance, to authenticate payment transactions via text message.

3. Install the app indicated by your bank to proceed with strong customer authentication.

Most banks are adopting strong customer authentication procedures based on a mobile/smartphone app. This app may be one your bank already provides to customers or another specifically developed for this purpose. In any event, follow your bank’s instructions to install and subscribe it.