Strong customer authentication

As of September 14, 2019, increased security requirements apply to certain types of payments to reduce the risk of fraud. These requirements can affect how you pay, as the so-called ‘strong customer authentication’ will often be necessary.

It’s important to know who approves a purchase when a card transaction is made. This is done through an authentication / identification verification, which proves that you are who you claim to be. Strong customer authentication is when authentication is based on technology with several components that are independent of each other, and offer extra protection against unauthorized transactions.

A concrete example this kind of authentication is a digital identification method which requires you to enter a password that is already registered to you.

As of September 14, 2019, new rules in the revised Payment Services Directive (PSD2) apply, which involve increased security requirements for certain types of payments made within the EU / EEA. This is primarily done to reduce the risk of fraud and can affect how you as a customer make your payments, because in many cases, the payment will require so-called ‘strong customer authentication’.

What this means for you:

  • The biggest change is with online shopping, for example, when paying or registering your card details on websites and in apps. It will become more common that a card payment made via e-commerce can no longer be carried out with only your card details. Instead, you will need to do something further to prove that you are who you say you are.
  • You will be asked more often to enter your card PIN code or to use a digital identification method when paying in stores or online.
  • You will still be able to make contactless payments (tap-and-go with your card in store, but more often, you may be asked to enter your PIN code when paying.
  • Card payments where you have previously signed a receipt and credited yourself (for example, for not remembering your code), may be denied in future, and would require you to enter your PIN code.

The most important changes:

  • In future, when you want to shop in store or online, you may have to prove your identity through, for example, a digital identification method or your PIN code.
  • In future, when you want to shop with cards in store, you’ll need to use your card’s PIN code. If you can’t remember your PIN code, you’ll be able to find it in some of our apps, or you can contact us to order a new one.
  • If a shop, both regular stores and online stores, does not comply with the new rules, a card payment may be denied.

What you need to do:

  • Make sure you know your card’s PIN code.
  • If you shop online, make sure you have access to a digital identification method..

Which kind of payments are included in strong customer authentication?

  • The main rule covers both payments made online and in stores within the EU / EEA. Payments made with mobile devices, smart watches, digital payment rings (e.g. Samsung Pay) are also included.

Please continue to be aware of the following:

  • Make sure your contact information with us is up-to-date, such as your phone number, email address, and so on.
  • Just as before, it’s important to watch out for fraud attempts. If someone asks you to log in to your online account, Mobile Bank account, or asks you to use your digital identification method, stop! Never give out cards or information about your cards to anyone, including PIN codes, card numbers, CVC / CVV codes, regardless of how credible the contact may be. Always contact us if you’re unsure.

Read more about your rights on the European Commission's website