Online shoppers face chaos as banks and retailers are compelled to ramp up security checks.
Under rules coming in next week, customers will be sent a code by their bank — usually to their mobile phone — when they buy something online. They must enter this at checkout for the payment to be approved.
And the banks are making it even more complicated by setting different rules and limits.
Caution: Banks are hoping to clamp down on scams by introducing tighter security for credit card transactions
The checks are aimed at clamping down on fraud where crooks go on a spending spree using stolen card details.
Banks are warning customers that card payments could be declined as some retailers may not be ready by March 14.
Late in January, First Direct told current account holders: ‘As we get closer to the regulatory date, the number of times you’ll notice you’re asked to verify it’s you making the payment will increase.
‘If the retailer isn’t ready for the new process, there could be times when your card might be declined.’
And the website of trade body UK Finance says card providers have already started to decline ‘non-compliant’ transactions.
Here, we explain everything you need to know about the new rules . . .
What is happening?
From Monday, online retailers will be required to verify shoppers’ identities under new City watchdog rules called Strong Customer Authentication (SCA).
This could be only the first time that you shop with a retailer online, or may happen repeatedly with the same one.
This may include entering a code provided by your bank at online checkout to prove you are using your own card details.
The new regulations are aimed at clamping down on fraud where crooks go on a spending spree using stolen card details
These one-time passcodes are usually sent via text message. But for customers living in areas without a good signal, most banks offer the option of email or an automated message to your landline. Or you may be asked to approve payments by logging into your bank’s mobile app.
The new rules were supposed to be in place by September 14, 2019. But the deadline was extended by 18 months, and then pushed back again due to the pandemic.
Many will be familiar with this extra security check. Some banks and retailers are already using it for customers spending a large sum of money or when they use a website for the first time.
Will this apply to all?
Mastercard says that after the deadline, one in four payments will require the extra check. This is because some online transactions are exempt, such as low-value purchases and those deemed to be a minimal risk by banks. Those with low fraud levels will also be able to wave through larger payments without going through any further checks.
You may be able to set up a ‘whitelist’ of trusted retailers you can pay without restrictions.
However, many providers, such as Royal Bank of Scotland, NatWest, Santander and Nationwide, have said they will not be offering this.
The new rules also apply to transactions made through PayPal and buy-now-pay-later firms, such as Klarna.
Apple Pay already meets the requirements, as customers must enter a passcode or prove their identity using fingerprint or facial-recognition technology.
And if you make regular payments for subscriptions, you will not be asked to enter a code each time that the sum leaves your account.
Will retailers be ready?
Many larger stores, such as Amazon, Argos, Sainsbury’s, John Lewis and Asda, say they have been prepared for the new rules for some time.
But smaller stores may struggle to update their systems in time — and risk significant losses if payments are declined.
Mike Cherry, chairman of the Federation of Small Businesses, says: ‘With current turbulent economic conditions, small retailers already have a lot on their plate and may not have the bandwidth to manage this alone, especially if a small online retail operation is a bolt-on to a mainly bricks-and-mortar business.
‘Anything that adds friction to payment and sales will have a disproportionate impact on smaller firms.’
Jenny Ross, from consumer group Which?, says: ‘The FCA [Financial Conduct Authority] has already extended this deadline for a year due to Covid, so retailers must ensure they meet obligations for the new requirements to avoid unnecessary problems and disruption for customers making online purchases.’
Myron Jobson, from investment platform Interactive Investor, says: ‘Retailers that aren’t compliant could leave many disappointed shoppers in their wake.
‘Shoppers would ultimately be forced to take their custom elsewhere.’
First Direct advises customers who experience problems to contact the retailer and ask if there is an alternative way to pay, such as by phone.
Some links in this article may be affiliate links. If you click on them we may earn a small commission. That helps us fund This Is Money, and keep it free to use. We do not write articles to promote products. We do not allow any commercial relationship to affect our editorial independence.