Fraudsters will have to redouble their imagination to hope to rip us off. From this Saturday, each online payment, by bank card (CB), on an e-commerce site, whatever it is, requires "reinforced authentication". In accordance with the Second European Banking Authority Payment Services Directive (PSD2). Until then, only purchases over 100 euros required extensive identification to complete a transaction. "Theoretically, from tomorrow
(Editor's note: this Saturday)
, if no authentication is carried out for an online payment, the bank will be obliged to reject it", summarizes Julien Lasalle, head of the monitoring service. means of payment of the Banque de France.
Clearly, the only cryptogram on the back of your credit card will no longer suffice.
Not even the only series of five, six or eight digits sent by SMS.
Strong authentication can be achieved in two ways.
Users who have a smartphone can validate the transaction on their bank's mobile application, with biometric or facial identification.
Like Crédit Agricole customers with the SecuriPass, or the Secur 'Pass from the Savings Bank.
The others will have to enter a series of numbers sent by SMS, and then a unique code, always the same, communicated by their banking establishment.
According to the Banque de France, 75% of cardholders who make a payment on the Internet are equipped with one of the two solutions.
Recurring orders will not be affected
"Some banks are late, others do not seem quite right, points out Maxime Chipoy, president of MoneyVox, online comparator. The Crédit Mutuel solution, for example, is chargeable with its Digipass at 29 euros, a physical box that generates a code for each new transaction. However, DSP2 normally requires that strong authentication be free for the consumer. The banks have until June 15 to equip the entire population and put their services in working order. "This is a time allowed so that the transition is gradual and that the banks do not end up with an astronomical number of authentications at once," explains Julien Lasalle. “Everyone will be ready,” insists the French Banking Federation (FBF).
Not all transactions will require strong authentication.
There are "exemptions".
You can make five consecutive purchases of less than 30 euros, without needing to identify yourself.
In the sixth, however, authentication will be required.
“As with contactless.
You can carry out X transactions or up to X amount before having to redo your code to reactivate the system.
There, it's the same principle, ”emphasizes Julien Lasalle.
Purchases where the "risk level is judged to be low", such as a recurring order, will also fall through the cracks.
70 billion payments made online on the European continent in 2020
This strengthening of regulations aims to minimize the risk of credit card fraud. In 2020, the European Central Bank (ECB) estimates the number of payments made online on the Old Continent at 70 billion. If there is no such thing as "zero risk", the fraudster will need the active role of the consumer to succeed in fooling her. “Before, they were able to hack SIM cards on phones to get the string of numbers. Now, the user will have to voluntarily communicate his code, or validate a transaction on his application, underlines the head of the service of the monitoring of the means of payment at the Banque de France. It's up to us to educate the public. No bank will perform a test, for example, asking you to validate a transaction of 5,000 euros for the purchase of a television on Amazon.
Better protected, consumers could also tire of the obstacle course that each online purchase will require. Rather than buying your jeans or a book on an e-commerce platform with one click, you will have to wait a few more seconds. A minimal but decisive lapse of time. "Traders fear that the number of abandoned operations will increase," said Maxime Chipoy. Some might get discouraged. There will be no more impulse buying. The time that you authenticate yourself, you will have time to think a little about your acquisition, to know if it is really necessary. And, why not, backtrack. "