ONLINE shopping’s code for confusion
Within weeks, new anti-fraud rules mean shoppers will need a security code to buy online. But guess what — retailers and banks aren’t ready
MILLIONS of online shoppers could face chaos after a security shake-up that may bar customers without mobile phones. Critics say banks have not done enough to prepare shoppers for the major changes, which are due to take place within weeks.
The new system, aimed at preventing fraud, requires customers to use an access code — typically sent to a mobile — before making purchases online. They must enter this number at the check-out to confirm payment.
But Money Mail has discovered a string of issues that could leave shoppers locked out.
THOUSANDS of Santander customers without mobiles cannot complete purchases.
THE checks could also exclude those who do not get a mobile signal at home. UP TO a third of purchases could fail. SOME banks have still not yet warned their customers about the changes.
MAJOR banks are refusing to let customers ‘whitelist’ favourite retailers, which means they will always have to input the code.
Almost one in five payments to retailers are online, but under new European legislation, shoppers must soon verify internet purchases with a special code. This could be sent to your mobile phone or email address, generated on a card reader or via a banking app, or as an automated message to a landline.
The idea is to make it harder for fraudsters to go on a spree with credit or debit cards.
Many of us are already used to being sent passcodes by our bank when making an online payment as a way of proving we really are the person carrying out the transaction.
And you may already have been asked to type in a code when shopping online if you were spending a large sum of money, or using a retailer you have not shopped with before.
However, just 1 pc of online payments currently require a code, typically sent by text, according to Mastercard. When the new European regulations are introduced in September, this will increase to 25 pc.
Despite firms having two years to prepare for the so-called Secure Customer Authentication, experts are predicting total disorder.
Customers with no mobile phone or poor signal may not receive the code.
Emails could also take a while to reach your inbox, by which point your transaction will have timed out, requiring you to start again.
Those opting to get the code from a card reader will also have to keep the device to hand. In the worst-case scenario, shoppers will not be able to buy from certain websites. In fact, the British Retail Consortium estimates 25pc to 30pc of online purchases may fail when the measures are rolled out.
Much of the problem is down to banks refusing to give customers a choice of how to receive the codes.
SANTANDER, with 15million active customers, says it will only send the code by text to a mobile or via the smartphone app. Those without a mobile will no longer be able to use their card online. You may also struggle if you have poor signal. Santander has yet to tell customers.
HSBC customers will be sent a code via text to a mobile. If unable to receive it, they can get it sent by email — but only if HSBC has their address. Lloyds will text the code to a mobile or send a message to a landline. Royal Bank of Scotland customers can also opt for an email. Nationwide will offer mobile and email options, as well as notifications sent to banking apps and the use of a card reader.
Some providers, such as Metro Bank, Monzo and Starling Bank, have not started telling account holders about the changes.
Some transactions will be exempt. For example, you will be able to make up to five payments under €30 (£27) or once you have spent €150 (£137) before being asked to verify your identity.
Last year, fraudsters stole £393 million using illegally obtained details to make online payments, according to banking
trade body UK Finance — a 27pc increase on the previous year.
Banks that keep fraud levels low will be able to allow larger payments without subjecting customers to an extra identity check, and consumers may have an option to set up a ‘whitelist’ of trusted shops and payees, to make purchases without restriction. But major providers including Lloyds, Barclays and HSBC will not be offering this.
John Marsden, from fraud solution firm Iovation, says: ‘These changes will fundamentally alter online shopping. Banks have not communicated this, and I fear that customers are unaware of it. The messaging I have seen is not instructive, clear or noticeable.’
While the official deadline is September 14, the Financial Conduct Authority has agreed to give firms more time, but while there may be a delay, retailers still need to make the changes.
Gareth Shaw, from Which?, says: ‘These measures are a muchneeded step in the fight against fraud. However, they must not leave consumers unable to make payments. It is vital that banks tell customers about the measures and ensure there are alternatives for those with a poor mobile signal.’
UK Finance says it is working with firms to ensure the changes are clearly communicated to customers and retailers. A spokesman added: ‘Other methods are being developed that will make it even easier to shop more safely online, including biometric technologies allowing customers to be identified with a thumbprint.’
A Santander spokesman says the bank will continue to review options to ensure it can meet customers’ needs.