Protecting you, your business and your clients from fraudulent transactions

Did you know that ecommerce fraud in the UK has doubled since 2012? To protect individuals and businesses when transacting online, the Payment Services Directive 2 (PSD2) has been created by the European Banking Authority (EBA).

This new legislation – which has been enforced by UK law – is designed to protect you, your business and your clients from fraudulent transactions. 

What is PSD2?

The PSD2 is a directive to regulate payment services and payment service providers throughout the EU. It will ultimately provide more protection when making payments online. 

The key change impacting online payments is called Strong Customer Authentication (SCA). This will allow banks to verify the identity of the person transacting online. 

It will require your client to pass an enhanced authentication step when making any payments online. This could be either:

  • Frictionless – which will require no action; or
  • Via a challenge – which will prompt your client to enter some credentials.

These changes will start taking effect from September 2019, with the date for full compliance set as March 2021. They are not specific to Aviva or to our industry, and will change the way payments are made online across the board.

How will this change how payments are authenticated online? 

When making purchases online, your clients will typically be sent a verification code to confirm it’s them making the payment. This can be sent by: 

  • Text;
  • Email;
  • A banking application;
  • Automated call to a landline.

What changes are we making?

To make sure we’re compliant with the PSD2, additional data will be passed from Aviva IT systems to the banks. This will make sure the authentication process is as seamless as possible. The data being shared includes:

  • Names
  • First line of addresses
  • Post code of addresses
  • Email addresses
  • Phone numbers (if already captured by the application)
  • The IP address used during the transaction
  • Payment card number
  • Payment card expiry date
  • Payment card CVV number

Our IT systems have been upgraded to support the banks’ verification process.

Why are we telling you?

In readiness for the change, banks will be contacting your clients (and you) to confirm that preferred contact details are up to date so the authentication can take place. You may wish to make your clients aware (if you haven’t already), and we urge you to make sure you have completed this too: without the correct details, it will not be possible to transact online.

Joint account holders and additional card holders will each need to check and update their personal contact details.

If a bank uses mobile phones for authentication, but the phone is out of range, switched off or not in the person’s possession, the person making the payment will not be able to complete the challenge.

Are there any exemptions? 

Yes. These can include:

  • Recurring payments that Aviva triggers automatically – These will require the initial online payment to have completed the SCA;
  • Automatic renewals or monthly subscriptions;
  • Payments taken over the phone.

In many instances, you won’t notice any difference. On those occasions when clients are subject to challenge, the SCA shouldn’t take more than a few seconds. 

For more information

If you have any questions regarding the PSD2, you are advised to contact your bank in the first instance.