TOWARDS STRENGTHENING SECURITY

ONLINE PAYMENTS

The validation of online payments with a simple SMS code will soon be over: by 2021, the way of paying for online purchases will evolve.

As of Saturday, new standards intended to reinforce the security of transactions and counter fraud will apply, according to the French Observatory for the security of means of payment.

These new measures are provided for by a European directive (known as "DSP 2"). Adopted in mid-January 2018, it adds a new layer of security, called "strong authentication", to online banking transactions and operations in order to further lower the fraud rate.

According to the Observatory for the security of means of payment, in 2018 the fraud rate for authenticated payments was 0.07%, compared to 0.21% for unauthenticated transactions.

To do this, bank card issuers and banks, payment operators, online merchants, etc. are required to deploy a so-called "strong authentication" mechanism for the customer during electronic payments or sensitive banking operations.

Concretely, the use of a single code received by SMS to secure a transaction will no longer be considered sufficient and will have to be gradually reinforced with new solutions, such as biometric recognition (fingerprint, facial recognition), the issuance of a personal code sent by mail, or compulsory connection to the mobile banking application.

Access to bank accounts will also require strong authentication at least every 90 days. Many establishments have already implemented these measures with their customers.

However, strong authentication will be waived for all distance purchases of less than 30 euros, payments at automatic transport and parking machines, transfers between accounts of the same person within the same banking establishment, and transfers to people registered as "trusted beneficiaries" by the client with their bank.

In addition, the responsibility for this authentication rests with the banks and no longer with online merchants. The directive also defines the legal status of account aggregation services and payment initiators. From now on, these two activities will have to be carried out by approved service providers.

The directive establishes their conditions of exercise and the manner in which they must operate with the banks of their customers.

The aim is to protect consumers, who until now were not legally covered, and to stimulate competition in payment services.




Kelly Donaldson for DayNewsWorld