Even more secure card online payments from January

30.12.2020 - 08:35

To make online shopping experience even more secure, from 1 January 2021, purchases made with payment cards will be subject to stricter security requirements. Card payments in Europe’s online shops will need to be confirmed by additional authentication.

According to the European Union Directive, starting 2021 merchants are required to ensure two-factor security for purchases by using the so-called Strong Customer Authentication (SCA). Therefore, it may well be that in online shops, where payments were made only by entering the payment card number and CVC code previously, purchases will need to be confirmed with additional authentication – by connecting to the internet bank with Smart-ID or code calculator.

Most online shops in Latvia have already implemented such solutions and have been using them for several years, so shopping in the local e-shops in most cases will take place as usual. However, as the requirements of the Directive apply to all merchants in the European Economic Area, starting next year, in some cases card payments may be declined if the merchant (for example, an online shop) does not use SCA yet.

Will all payments need to be approved?

No. To ensure greater convenience for our customers, we will use a risk-based approach to authorise payments. Additional authentication will mainly be required to confirm payments of over EUR 30. Strong Customer Authentication will also be required for lower value payments, e.g. every five consecutive payments or when the value of the payments totals EUR 100. In the case of recurring payments, such as subscriptions to video streaming platforms, only the first payment will need to be authenticated.

In addition, the requirements of the Directive do not apply to the merchants operating outside the European Union and the European Economic Area (including the United Kingdom from January 2021), therefore using the solutions meeting the SCA requirements are not mandatory for these merchants.

How to find out if an online shop uses strong authentication?

Most online shops in Latvia already use solutions that meet the requirements of the Directive. If the e-shop uses Strong Customer Authentication, the icons “Verified by VISA” and “Mastercard ID Check” will appear on the website.

We also always encourage you to make sure that the e-shop is a secure one. Its website address should start with “https://”, not “http://”. The terms of delivery and return of goods, as well as reviews of other buyers about the online shop are definitely worth checking.

Why is strong authentication being introduced?

Strong Customer Authentication for online payment card transactions is a part of the European Union's Second Payment Services Directive (PSD2). In order to meet the requirements of the Directive, merchants in the European Union and the European Economic Area, as well as card issuers, need to put in place solutions that improve the security of payments and ensure a higher level of customer protection.