Since the European Union significantly strengthened the security of online banking in September 2019, the popularity of this payment type has increased rapidly.
Online banking is used for paying bills, for online shopping and, increasingly, for online gambling. The gambling industry is considered to be at the forefront of technological developments, so it is not surprising that online casinos available in Ireland offer a whole range of online payment options. To the delight of many, paper TAN lists are now a thing of the past. Today, special apps for smartphones and tablets provide the necessary security and convenience for all digital banking transactions.
The changes since September 2019
The new regulations, which came into force in September 2019, are primarily intended to ward off fraudsters. They are laid down in the second Payment Services Directive (PSD2). The focus lies primarily on two protective mechanisms. For example, a unique TAN is now mandatory for every payment transaction.
In the past, cybercriminals repeatedly interfered with online banking processes. Orders were changed, and the actual transfer was redirected to the criminal’s account. To prevent this from happening once and for all, users have had to enter a so-called TAN, which is effectively a release code, since 2011. This TAN is assigned to a specific order.
This TAN was then either transmitted by SMS or via a TAN generator. The generator was a small additional device provided by the bank. Nowadays, apps are the main tool for this. Paper TAN lists were still being used frequently until September 14, 2019, but were then eliminated without replacement.
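The following added example (not from the original article and not any bank's actual scheme) shows why a TAN that is assigned to a specific order defeats the redirection described above: the code is derived from the payee and amount, so it no longer matches once either is changed. The HMAC construction, the key, the order ID and the IBANs are assumptions made for illustration.

```python
import hashlib
import hmac

DEVICE_KEY = b"constructed-demo-key-not-a-real-secret"  # constructed sample secret


def order_digest(order_id: str, payee_iban: str, amount_cents: int) -> bytes:
    """Canonical, unambiguous encoding of the fields the TAN must cover."""
    fields = [order_id, payee_iban.replace(" ", "").upper(), str(amount_cents)]
    # Length-prefix each field so ("ab", "c") and ("a", "bc") cannot collide.
    return b"".join(len(f.encode()).to_bytes(2, "big") + f.encode() for f in fields)


def make_tan(key: bytes, order_id: str, payee_iban: str, amount_cents: int) -> str:
    """What the TAN app or generator shows after the user confirms the order."""
    mac = hmac.new(key, order_digest(order_id, payee_iban, amount_cents), hashlib.sha256).digest()
    return f"{int.from_bytes(mac[:4], 'big') % 1_000_000:06d}"


class Bank:
    """Server side: checks the TAN against the order it is about to execute."""
    def __init__(self, key: bytes):
        self.key = key
        self.used_orders = set()

    def release(self, tan: str, order_id: str, payee_iban: str, amount_cents: int) -> bool:
        if order_id in self.used_orders:          # a TAN releases one order, once
            return False
        expected = make_tan(self.key, order_id, payee_iban, amount_cents)
        if not hmac.compare_digest(tan, expected):
            return False
        self.used_orders.add(order_id)
        return True


def demo() -> dict:
    bank = Bank(DEVICE_KEY)
    # Constructed sample order; the IBANs are made-up values.
    tan = make_tan(DEVICE_KEY, "order-0001", "IE00 DEMO 0000 0000 0000 01", 12_500)
    return {
        # The payee is swapped after the user approved the original order.
        "redirected": bank.release(tan, "order-0001", "IE00 DEMO 9999 9999 9999 99", 12_500),
        "genuine": bank.release(tan, "order-0001", "ie00 demo 0000 0000 0000 01", 12_500),
        "replayed": bank.release(tan, "order-0001", "IE00 DEMO 0000 0000 0000 01", 12_500),
    }


if __name__ == "__main__":
    print(demo())
```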
Today, everything works via two factors
A PIN has always been required for logging into your online banking, and a TAN was always required for the actual transfer. So if a cybercriminal managed to steal the PIN, meaning the password, this was not enough to attack the account. The introduction of the TAN provided a second level of security. As a result, even computers infected with a virus did not immediately open all doors to cybercriminals.
With regard to online shopping, however, the situation unfortunately looked different. Often, only the credit card number alongside the check digit had to be entered. In this case, no one could verify whether it was really the owner of the credit card or not. Luckily, there have been significant improvements, as the European Union also significantly increased the security of credit card payments in September 2019. The same security effort as for online banking is now used here as well. It is also required that at least two of three available features are used.
The three important features
- Feature No. 1: Having something – this means, for example, your smartphone receives a text message, or you have a card.
- Feature No. 2: Knowing something – like the PIN or password.
- Feature No. 3: Being something – this could be biometric features such as a fingerprint.
EU rules provide more security and clarity
Thanks to the new rules, liability is now more transparent. If fraudsters should still succeed in transferring or withdrawing money, or even purchasing goods, both merchants and banks must ensure that these security measures have been complied with. Otherwise, they will have to pay for the damage incurred. In the event of a credit card being stolen and then used for unlawful purchases because at least two of the factors were not checked, the merchant must pay the compensation.
These exceptions exist
The new regulations naturally also make payment more complex due to the increased security. That’s why the legislature has allowed a few exceptions.
- Exception No. 1: Purchases up to an amount of 30 Euro are exempt from these complex security procedures.
- Exception No. 2: In the case of contactless payment with an NFC chip, transactions up to a sum of 50 Euro per transaction are also exempt from the protections, depending on the provider.
- Exception No. 3: Recurring payments, such as standing orders, are also exempt.
- Exception No. 4: Online stores that are used frequently are effectively treated as being on the list of secure payees.
Under certain conditions, providers can be exempted from the elaborate security measures for the use of credit cards. This may be due to adequate technology, for example, but tends to happen rarely.
Caution is still advisable
Of course, cybercriminals are still keeping pace with security measures. Caution is therefore still advisable. Phishing attacks are extremely dangerous. Well-disguised emails that look as if they come from the bank, the payment service provider or the credit card provider ask you to enter sensitive data. Typically, this comes with a warning that absolute haste is required. Here, the key is to remain calm. Check the sender of the email and, to be on the safe side, contact the bank yourself. Generally, this data is never requested, and the emails are always fraudulent.
What role does the smartphone play?
Increasingly, banks are relying on apps, as this is an extremely cost-effective solution. For the user, however, this calls for a certain amount of mindfulness. The smartphone being used should always be a model that is regularly supplied with the appropriate security updates. Otherwise, the banks’ apps will no longer be functional.
Not everyone uses a smartphone these days, but that does not mean that they are automatically excluded from online banking. For example, the TAN generators or even the SMS TAN are still quite common. Here, however, you should definitely be cautious about the costs. Some banks charge fees for the security procedures. It can even happen that banks charge a fee just for logging in via SMS. While some banks provide TAN generators free of charge, others require you to purchase them. One advantage of these generators is that they can be used for several accounts and providers, as the corresponding payment card is inserted into the device.
Due to the additional costs emerging from the security procedures, the consumer centers see this approach as a clear mistake. In their opinion, the protection, which must be guaranteed by the bank, does not represent an additional service, and should already be settled with the account fee. However, the legislator still sees things differently, so these costs are currently still permitted.