Police and consumer advocates warn against fraud and phishing attacks in connection with the introduction of the new Payment Services Directive PSD2. The guideline, which aims to make online purchases safer from September 14 by a two-factor method, is exploited as a cause for phishing and fraud attempts, informed the consumer center and the State Office of Criminal Investigation Rhineland-Palatinate on Wednesday and called for caution.
According to phishing e-mails circulating bank customers are asked to confirm their customer data in connection with the innovation. The mail recipients, however, are lured to a fake banking portal and reveal their data about it to scammers. Also around the payment service Paypal there had been similar incidents, said the state criminal police.
In another scam, the upcoming changes are being exploited by prepaid credit card providers. A woman received a phone call requesting that she be sent a new credit card because of the new policy - allegedly because she could no longer use her old card. She was supposed to pay close to one hundred euros even though she had not ordered a new credit card.
Better too careful than too naive
As of September 14, Internet users will basically have to identify themselves with two factors when making card payments in the network. The card number and the check number alone are then no longer sufficient to buy online. In addition to the password or a check digit, another security feature should be specified. This can be about a Tan, which is generated in a Sicherheitsapp. Also, access to online banking itself will soon require a second factor.
Bank customers who are not sure whether they have real-time notifications about their account and what changes they should receive should always contact their bank first.
The State Department of Criminal Investigation and Consumer Advice generally advise against skepticism when someone, by phone or email, "announces or demands of you any allegedly necessary action". "Banks or payment services never ask customer data or access data to the account via e-mail," they emphasize. You should also avoid clicking links in e-mail or opening file attachments, "if there is even the slightest doubt about the meaningfulness or authenticity of the system".