The new Payment Services Directive 2 (PSD2) enters into force in Spain to improve the security of electronic commerce for both sellers and buyers, and it brings far-reaching changes that seek to reduce fraud in the validation of online card purchases.
Until now, to make payments online, the card issuing entity asked the customer to enter some specific information to confirm the payment. The most widely used method is sending a code by SMS to the cardholder's mobile phone. However, with the new regulations other information will be necessary to verify identity, so that the buyer must undergo a double validation.
This requires adding two or more independent authentication elements before authorizing a payment. Thus, you will need something that only the buyer knows (a password), something that only the buyer has (an application on his mobile) and something that verifies his identity on the mobile (facial recognition or a fingerprint). Thus, to pay online it will no longer be necessary to enter your card details each time.
Advantages of the new PSD2 regulation
The objective is clear and simple: increase security with minimal interference in the buying process. With the PSD2 regulation, the mobile phone becomes of paramount importance when making an online purchase. Where before we had to have the credit card on hand to enter the data, now we must make the payment with the mobile phone.
The European regulation will bring some advantages, such as increased confidence among customers, who will see security and protection reinforced in their online card purchases. The fear of possible fraud will be reduced.
But the PSD2 regulation will not only benefit consumers. Businesses will see fewer fraudulent operations and will benefit from greater trust from customers who buy online.
However, not all online purchases will require reinforced authentication, since the regulations provide for certain exemptions according to the level of risk of the purchase, the country of the merchant, the amount of the payment or the recurrence of the operation, among others.
Banks adapt to the new regulations
ING Direct. ING Direct has chosen to do so through a notification sent from its app (on iPhone or Android). According to the bank, this option is safer than SMS, since SMS makes it easier to carry out fraudulent operations such as SIM duplication, one of the most widespread cybercrimes; using the app reduces the risk of that happening. Therefore, the orange bank says, it is necessary to download the app in order to receive the notifications that allow operations made from the computer to be completed. For operations made from the application, you will have to enter the previously chosen mobile validation password.
Santander Bank. To make purchases with Santander, once the card details are entered on the merchant's website, a new page will appear to finalize the purchase, informing the customer that identification will be carried out. By clicking on 'continue', the customer will receive a message on the mobile with a summary of the operation that redirects to the Bank's identification page. There, you must enter the access code to identify yourself and confirm the payment.
BBVA. With BBVA's method, when the purchase payment is to be made, a screen will appear indicating that the customer must access their bank, either through the app or the web, to confirm the payment. If notifications are activated, a message will arrive on the mobile phone to authorize the purchase directly. When entering the app or bbva.es, the user must use their password, fingerprint or facial recognition. Then, the purchases that are about to be made must be accepted. Once they are accepted, an SMS will be received with a one-time code, which the customer must enter on the screen that appears. This constitutes the second authentication factor, which ensures that it is the customer who is authorizing the online payment in a secure environment.
CaixaBank. In the case of CaixaBank, its customers must authorize the purchases they make with a card through their CaixaBankNow digital banking service. To do this, you must install the CaixaBankNow app on your mobile and activate notifications.
OpenBank. OpenBank reports that accessing the web will require a confirmation code that arrives via SMS. Then, next to this code (here's what's new), you must enter the new Secure Electronic Commerce Code (CES), which is made up of 4 digits. For example, if the SMS code is 4ABC and the user's Secure Electronic Commerce Code is 1357, you will have to enter: 4ABC1357.
Bankia. Bankia will use authentication via the app and an SMS. Thus, after entering the card details, a notification will be received in the bank's app and, after logging in with the user's password, an SMS will be received that must be entered to verify the payment.
Sabadell. Sabadell is also committed to authentication with a confirmation code via SMS or through the bank app.