New safety rules at online shopping

New safety rules at online shopping

If you use a credit card or paypal when shopping on the net, you should be more frequenting from january 2021 "strong customer authentication" (sca) stoben. This particular form of two-factor authentication writes the second european payment serviceslline (psd2) in the eu now binding for the mentioned payment methods. This ends the phase in which the european financial supervisors have not yet enforced the sca on the trade associations.

When how where?

For them as a consumer means that after clicking on "pay" essentially often a security query of your credit institution ("card outstanding bank") can appear. The names of the procedures remain the same: you talk about "3d secure"; the own names of mastercard are "identity check" and "secure code", visa calls you "visa secure" and "verified by visa", american express "safekeep".

When query you must take the booking with a second factor, similar to the online banking. This can be a tan that you receive by sms (plus security question) or after the scan of a code with a reader. However, many banks also use the smartphone as a platform on which they have to confirm approximately a punctured in the push process query. Make sure that your reader, mobile phone or smartphone also displays the handler as well as the preservation and amount of purchasing correctly. Since every bank and savings bank are free in which procedures they offer them, they should inform themselves timely there. We have put together an overview of many banks last year.

New safety rules at online shopping

Since january 2021, banks for online shopping with credit card call for a two-factor authentication – so or so similar.

Paypal must also expand the voluntary two-factor authentication for compulsory sca. The service has therefore requested its customers for some time to deposit a mobile or landline number in the account. Paypal first sets the sms tan procedure – the landline can also be done in the form of an automatic announcement. Alternatively, you can use an authenticator app.


The psd2 let credit institutions allow the possibility to allow certain exceptions to the sca. That too regulates every bank or savings bank differently. Similar to the online banking, for example, they can exclude payments up to 30 euros. Even for regularly recurring payments, about subscriptions, the psd2 allows for a unique sca exceptions; possibly we are positive lists with trustworthy handlers. The most important, because completely in the background except is the so-called transaction risk analysis: if your bank falls below certain fraud rates, it may even free payments up to 500 euros from the sca.

Criminals will try to exploit the initial uncertainty through the new rules. Technically, credit card fraud is more difficult on the internet for you due to two-factor authentication. However, they were trying to move customers through phishing emails for the disclosure of credit card data. Therefore, they remain suspicious and ask in doubt in their bank.

If you are unsure, you can also grab other payment methods. Not under the sca are for example the purchase on account or the online signs. In other methods, such as instant referral, giropay, paydirekt as well as apple pay and google pay, has nothing changed.

And the handlers?

Handlers offering credit card payments also had to "3d secure" prepare. Cloud-based shop platforms and marketplaces, which also handle payments, have mostly adapted their payment interfaces. Also the payment service provider, ie the payment transducers, offer their own tools corresponding tools.

Missing the connection to 3d secure (from version 2.X), it may happen that the customer’s card iing bank refuses to pay the payment or surrounds an old, more sensitive procedure. This can bring customers to completely cancel the purchase. For handler, there is therefore benefits to offer further payment methods – and inform their customers what they expect at the checkout.