New security demands for online shopping
From 1 January 2021 there are new demands for so-called strong customer authentication when paying by card when you shop online and in mobile apps. You need to have BankID to be able to shop online, and payments to online shops and in apps that are not set up for the new rules may be declined.
Why new regulations?
The new regulations are requirements of the EU’s new revised directive on payment services (PSD2), and are being implemented to reduce the risk of fraud. We as a bank need to make sure that the person using the card to pay is the owner of the card.
What does this mean for you?
- When you shop online or in mobile apps, you need to identify yourself using your BankID. Previously, you have been able to identify yourself using a text message service when shopping online, but this solution does not satisfy the new regulations, and the option will no longer be available from 10 January 2021. After this date you will need to use BankID or BankID on mobile together with your card when shopping online.
- If the online shop/the app you are purchasing from do not adhere to the new regulations, your payment may be declined.
- You can no longer use the magnetic strip/chip without entering PIN. From around 1 February, you can no longer use the card in places where you used to use the magnetic strip or chip (for example vending machines or car washes), since it will be a legal requirement to have the option of entering your PIN. Contactless payments will still be possible.
What is strong customer authentication?
When you pay with a card online, we as a bank need to know that the person using the card is also the person that owns the card. For this reason, you need to confirm your identity in a secure manner. This is done through strong customer authentication.
Strong customer authentication means that several components are used as independent criteria for identification, which is the case with BankID (personal identity number/D-number + single-use security code + personal password).
From 1 January 2021, we as a bank, are required to decline payments to European online shopping sites that do not adhere to the requirements for strong customer authentication.