SHOPPERS may no longer be able to spend online after anti-fraud rules are introduced in a matter of weeks because banks “aren’t ready for them”.
New EU rules require retailers to send shoppers a verification code, which customers must then enter online to prove that it’s really them.
1
The passcodes can also be sent to customers via text, email, a generated card reader or banking app, or as an automated message to a landline.
But critics say that the new measures could see a third of payments fail.
The aim is to make it harder for fraudsters to spend your cash and, even though the rules aren’t set to come into force until 2020, retailers have until September 14 to implement the changes.
The Financial Conduct Authority (FCA) has agreed to extend the September deadline for some retailers but an investigation by the Daily Mail found that many leading high street banks are still not prepared for all circumstances.
How will your bank send you the code?
HERE’S how your bank will let you know the authentication code:
- HSBC– Customers will be emailed a code if shoppers aren’t able to receive it via text, but only if they have shared their email address with the bank.
- Lloyds, Halifax and Bank of Scotland – Consumers can only opt to get the code via text or messaged to their landline if they have one.
- Royal Bank of Scotland and NatWest – Shoppers can choose to have the code emailed to them instead, but delays could leave the transaction to time out and customers will have to start the purchase again.
- Barclays – customers will be able to receive the code via the app, a text message or via its PINsentry card reader.
- Santander – The bank is to allow customers choose between getting a text or using the app.
- Metro Bank – The bank will contact customers by text. It is currently reviewing alternative methods and is yet to update customers on the changes.
- Starling – The digital-only bank is managed via the app so all customers already have access to a mobile phone. Customers will be sent a security code via the app, or in case when users can’t get signal, it will generate a one-off code offline.
- Monzo – Yet to alert customers of any changes. All customers have access to a mobile in order to manage their accounts. Payments will be made via the online app. Monzo says that if devices are connected to wifi to make online payments, then the mobile phone can also be connected in order to receive the code.
For example, Santander customers without a mobile won’t be able to use their bank cards for online shopping and many banks haven’t made alternative arrangements for customers with poor phone signal.
Email delays may mean that shoppers don’t receive the codes before the transaction has timed out and those relying on generated card readers will have to keep them on hand at all times.
Some banks are still yet to alert customers about the impending change and others are refusing to add favourite retailers to “whitelists” so they can shop without the restrictions.
In fact, the British Retail Consortium claims that the system is so riddled with problems that it estimates 25 to 30 per cent of online purchases may fail after the roll out.
In worst case scenarios, it warns that customers may not be able to buy things online at all from certain retailers.
Some shops already offer this system, often when making expensive purchases or with a retailer for the first time.
How to protect yourself from fraudsters
ACTION Fraud recommends taking the following advice to stay safe:
- When making a purchase, be suspicious of any requests to pay by bank transfer or virtual currency instead of safer methods, such as credit card or payment services such as PayPal.
- Listen to your instincts: If something feels wrong then it is usually right to question it. Don’t pay for goods or services unless you know and trust the individual or business.
- Personal information obtained from data breaches is making it increasingly easier for fraudsters to create highly targeted phishing messages and calls – watch out for these.
- You shouldn’t assume the caller is genuine just because they’re able to provide some basic details about you.
- Always be suspicious of unsolicited requests for your personal or financial information.
Just one per cent of online payments require a code, according to Mastercard, but this is expected to rise to 25 per cent once the Secure Customers Authentication rules are introduced in September.
Not all transactions will require a security code. You’ll be able to make up to five payments under €30 (£27.50) or every €150 (£137) you spend before being asked to verify who you are.
Fraudsters stole £393million through online payments, according to UK Finance, up 27 per cent on the year before.
Banks have the option to allow shoppers to add trusted retailers to a whitelist that doesn’t require a code to spend money with but Lloyds, Halifax, Bank of Scotland, Barclays and HSBC won’t be offering the service.
A spokesperson from UK Finance who represents the banking industry told The Sun that it’s working with members to communicate to customers and retailers.
They added; “Other methods are also available or being developed that make it even easier to shop more safely online, including biometric technologies that allow customers to be identified with something as simple as a thumbprint.
“We would encourage anyone concerned about their ability to verify online payments to speak with their bank or provider, to ensure their contact details are up to date and discuss what alternatives may be available.”
New rules introduced in May this year mean that banks must now repay victims of bank transfer scams, also known as “authorised push payment” (APP) fraud, even if they feel they’re not to blame.
But a loophole means that banks could get out of repaying fraud victims by getting customers to tick a box before making payments.
We pay for your stories! Do you have a story for The Sun Online Money team? Email us at money@the-sun.co.uk
