Saturday is the delayed deadline for UK banks and financial institutions to have implemented two-factor authentication for payment transactions.
This is the result of the EU Payment Services Directive 2 (PSD2) for "Strong Customer Authentication" (SCA). This requires institutions to have two levels of authentication in place for online transactions to reduce fraud. Providers can choose two out of three – something the customer knows, like a PIN, something they have, like a phone or hardware token, and something they are – a biometric check.
James Stickland, chief executive officer at authentication platform Veridium, said the huge growth in use of digital services made better authentication vital.
Stickland said: "This Saturday's deadline is a long-awaited triumph for consumer security and combatting online fraud. Ever-rising fraud levels are linked to the consumer preference of mobile e-commerce, forcing regulation to keep pace with innovation. Businesses have had an extended period of six months, in addition to the two years since the initial announcement, and there is no legitimate reason not to be compliant. A failure to integrate Strong Customer Authentication demonstrates a disregard for consumer protection – it should have been prioritised long ago and viewed as a business differentiator."
Stickland warned that banks face large fines for not complying with the rules and though the changes could inconvenience customers, they could actually improve user experience and increase confidence as well as allow new services to be offered.
There are some exceptions to SCA such as recurring payments when only the first payment needs authenticating, low-value payments of less than €30 and merchant-initiated transactions.
How big a problem online fraud is a hotly disputed subject.
Government quango Action Fraud is the UK's central referral point for online crime. But it referred fewer computer misuse cases to police in 2019, while the Crime Survey for England and Wales also saw a fall but a far higher total than Action Fraud.
In other news. Halifax and Lloyds' online services were struggling to stay available this morning.
We contacted Lloyds, FirstDirect, the Royal Bank of Scotland as well as the Financial Conduct Authority but none were able to respond. ®
Sponsored: Ransomware has gone nuclear