Customers should expect changes in the way they shop online from today, in a move to combat online fraud.  

The changes are a result of new Strong Customer Authentication (SCA) requirements, a set of rules that will change how you confirm your identity when making online purchases.   

While SCA rules have applied to a small number of transactions for some time, the proportion of transactions for which SCA requirements apply has been steadily increasing since the start of this year as merchants and Payment Service Providers (PSPs) readied to meet the enforcement date, when all transactions must be SCA-compliant. 

Today’s deadline comes almost three years after the SCA requirements were announced in September 2019. As increasing amounts of purchases are being made digitally, it is hoped SCA will help reduce fraud and better protect customers and their money when shopping online. 

Customers will now be asked to prove their identity when making a purchase, by confirming two of the following three ‘factors’: 

  • Something they are – like a fingerprint or facial ID
  • Something they know – like a passcode or password
  • Something they have – like a mobile phone

In practice, this could mean customers are asked to verify a purchase via text message, receiving a passcode which they are then prompted to enter on screen. Other confirmations could include answering an automated phone call to your landline or mobile, or through an app on your smartphone.  

Some types of transactions are exempt from strong customer authentication, meaning customers may not always be asked to complete extra security steps. These may be purchases deemed ‘low-risk’ of fraudulent activity, such as when buying low-cost items, or repeated purchases such as subscriptions. 

Retailers are ready for the change, having been preparing their systems for many months to process these extra security checks. Successful roll out of the new regulations will also require banks to be prepared for the changes.  

Tom Ironside, Director of Business & Regulation at the BRC, said:  

Retailers have been working hard to prepare for the Strong Customer Authentication requirements, ensuring online purchases are both as safe and easy as possible. The BRC and our members have worked with suppliers to ensure multiple fraud checks are performed behind the scenes and any additional friction is kept to a minimum. Customers should be reassured that buying online has never been safer.