Shopping on the internet should become safer: new security standards for online payments come into force from this Saturday, May 15 and will gradually be adopted by merchants.
Issuers of bank cards, banks, payment operators, online merchants, etc. are now required to deploy a device called “Strong authentication” of the customer during electronic payments or sensitive banking transactions.
Momox, the e-commerce and second-hand giant in Europe
This consists of requesting, during an online payment, the validation by the customer of two security criteria: the use of a single code received by SMS will no longer be considered sufficient and will have to be gradually reinforced by means of new solutions.
Starting Saturday, “Strong authentication is requested by French banks, in consultation with the payments ecosystem, for online purchases”, said the French Banking Federation in a press release.
20 times more fraud with e-commerce
Concretely, when paying on the internet, the customer will receive a notification on a previously identified phone inviting him to authenticate, either by entering a personal code, or by taking a biometric fingerprint for equipped mobiles. (fingerprint, facial recognition or iris recognition).
“For customers who do not have a smartphone, banks offer alternative solutions such as the use of a one-time SMS coupled with a password known by the customer, or the use of a physical device. dedicated “, underlines the banking federation.
INFO OBS. 114,000 jobs destroyed in ten years with the rise of e-commerce in France
This new device is provided for by the European directive known as “DSP2” aimed at strengthening the level of security of internet payment transactions in Europe, to limit the risk of fraud. It occurs in the particular context of the Covid-19 crisis, which has resulted in an explosion in online commerce.
Gold “The fraud rate is twenty times higher in e-commerce (0.16% of amounts) than in local shops”, reports to AFP Jean-Michel Chanavas, Managing Director of Mercatel, a professional association specializing in payment issues.
“The traders completely agree to reduce the level of fraud”, But “The challenge was to get the tools to be there”, he adds, saying he is particularly vigilant about “Mobile purchases, where failure rates are higher and where there are still problems to be solved”.
Gradual implementation since February
“Everything will not go from one extreme to the other”, emphasizes for its part the federation of e-commerce Fevad, recalling that these new security standards have been implemented in stages for several months. “We worked a lot with the Banque de France, with the various players, the sites [internet]. Everyone made sure it was ready. “
Strong authentication already concerned amounts greater than 500 euros since February 15, 250 euros since March 15 and transactions above 100 euros since April 15.
“We cannot transpose the creative approach of a store on the Internet! “
Some merchants have also taken the lead and switched all of their transactions: in total, more than “80% of the amounts are already subject to strong authentication”, assures Jean-Michel Chanavas.
For the others, “Banking institutions, from May 15, will gradually implement this strong authentication measure over a period of four weeks, in order to allow merchants time to adapt”, specifies the banking federation. Thus, gradually from Saturday, and definitively after the four weeks of adaptation, the banks will be able to decline any non-compliant transaction.
However, online merchants may request an exemption from strong authentication under certain conditions. For example on transactions of less than 30 euros or deemed low risk, such as regular payments for subscriptions or addressed to a beneficiary pre-authorized by the consumer in his banking application.