Anyone who often shops or books on the Internet will have noticed: The credit card number, the validity information and the three-digit check code are often no longer sufficient for payment. Banks are increasingly demanding more extensive authentication via a code that is generated in an app or sent as an SMS to a smartphone (mTAN). This allows banks to comply with the requirements of the new EU Payment Directive (PSD 2). It comes into force this Saturday.
Identity must be proven twice in the future
In other words, every customer must prove his or her identity with two independent components. To release a transfer online, you need firstly the PIN (PIN) to log into the account and secondly, for example, by SMS, a one-time valid transaction number (TAN) can be sent to a previously deposited with the bank mobile number.
Many institutes also offer a "PhotoTAN" procedure: In online banking, a barcode appears, which you have to take a picture of. Then a TAN is generated and the booking is processed. Printed TAN lists lose their validity. Under EU law, credit institutions are no longer allowed to offer this so-called iTAN method for credit transfer from the checking account. Because the transaction numbers necessary for the on-line banking must be generated dynamically in the future. This is not possible with a sequence of numbers on paper.
PSD2 also breaks the monopoly of banks in accessing account data. In the future, financial institutions will also have to allow third-party providers such as financial start-ups (fintechs) access to their customers' data. These could then - with the consent of the customer - offer their services.