Security measures for online card payments will become stricter
In line with EU requirements for secure online shopping, as of 1 January 2021, there will be strengthened authentication requirements for online card payments.
In case the merchant chosen by a customer has not implemented the new technological security solutions – the strong authentication, making card payments on the internet may be disrupted.
The purpose of creating stronger authentication is to protect the interests of customers.
A strong authentication for online card payments in the European Union (EU) is provided for in the regulatory technical standards related to the Second Payment Services Directive (PSD2), which require stricter authentication requirements for online card payments. To meet these requirements, service providers, including merchants from the EU (also EEA) and card issuers, need to introduce solutions that improve payment security and ensure a higher level of customer protection.
From now on, the strong authentication, such as using Smart-ID, biometrics, or a code calculator, will be mainly required for larger payments. The strong authentication according to certain security algorithms will also be required for lower value payments, for example, for every five consecutive payments or when the total value of the payments has reached 100 euros.
Until now, the strong authentication for online card payments in the EU was not required for every transaction, as its frequency was determined by service providers according to the risk analysis. The strong authentication approach will provide payment card holders and merchants with additional security, as the information printed on the payment card can be copied and used for fraudulent purposes or for illegitimate transactions without the cardholder's knowledge.
In Latvia, the strong authentication in e-commerce has been ongoing for already several years. Customers have gained experience in using it when confirming a purchase in internet banking or in a mobile application. However, some merchants in other EU countries, where Latvian customers do online shopping, have not yet implemented these solutions, contrary to legal requirements. In such cases, payment service providers, which are card issuers, will reject online purchases.
If customers use a payment card for regular payments, the addition of the card will be subject to the strong authentication at the first time of interaction and will not be mandatory for further such transactions.
We ask our customers to be understanding and in case of any questions to contact their payment service provider or card issuer.