UK customers are now required to verify their identity for all online purchases worth more than £25, as changes to combat fraud came into force on Monday.
The new financial regulations are aimed at combating online fraud, which costs consumers almost £400m ($522) a year.
The new strong customer authentication (SCA) requirements are a set of rules that changes how people confirm their identity when making online purchases, and is expected to lead to more card payments being declined.
The measures are similar to those already faced by people logging into online banking. Customers will be asked to prove their identity when making a purchase by confirming two of three “factors”. The factors are something they are, for example by providing a fingerprint or facial ID; something they know, like a passcode or password; or something they have, like their mobile phone.
It means that, for example, customers may now find they are asked to verify a purchase via text message more often, receiving a passcode which they are then prompted to enter on screen.
Other confirmations could include answering an automated phone call to a landline or mobile.
Mastercard (MA) now expects about 25% of online transactions to require some form of extra verification by the customer, compared with only 1% of online purchases previously.
Some types of transactions are exempt from strong customer authentication, meaning customers may not always be asked to complete extra security steps. These may be purchases deemed “low-risk” of fraudulent activity, such as when buying low-cost items, or repeated purchases such as subscriptions.
Retailers needed to have the right cyber security software, called “3DSecure”, in place by 14 March to allow banks and card companies to carry out the checks.
But customers risk being blocked from making purchases online because not all retailers are prepared for these strict new anti-fraud measures.
If retailers have not implemented the systems in time, card payments will automatically be declined, even if shoppers have sufficient money in their bank accounts.
Tom Ironside, director of business & regulation at the British Retail Consortium (BRC), said: “Retailers have been working hard to prepare for the Strong Customer Authentication requirements, ensuring online purchases are both as safe and easy as possible.
“The BRC and our members have worked with suppliers to ensure multiple fraud checks are performed behind the scenes and any additional friction is kept to a minimum. Customers should be reassured that buying online has never been safer.”