Forum Home» Budgeting & Bank Accounts

Strong Customer Authentication - **Now delayed** changes to online verification

New Post Advanced Search

Strong Customer Authentication - **Now delayed** changes to online verification

edited 21 August 2019 at 4:38PM in Budgeting & Bank Accounts
293 replies 34K views
eskbankereskbanker Forumite
14.5K posts
Part of the Furniture 10,000 Posts Name Dropper Photogenic
✭✭✭✭✭
edited 21 August 2019 at 4:38PM in Budgeting & Bank Accounts
*** Latest news, 13 August 2019 ***

As expected, implementation has been delayed by up to 18 months by the FCA, as covered at https://www.fca.org.uk/news/press-releases/fca-agrees-plan-phased-implementation-strong-customer-authentication and https://www.fca.org.uk/consumers/strong-customer-authentication
For online banking, the changes will be phased in from 14 September 2019 and completed by 14 March 2020.

For online shopping, we have agreed a plan with the e-commerce industry of card issuers, payments firms and online retailers that gives them 18 months up to March 2021 to implement SCA.
As this has cropped up in a number of threads, I thought I'd have a stab at collating what each bank is proposing to implement in response to the regulatory requirement to strengthen security for online purchases and online banking by introducing two-factor authentication.

Many banks are publishing their stance on their websites but there are plenty of blanks to fill in, so happy of any and all help in finding confirmed links for the rest - I'll try to keep this updated!

Note that these measures aren't necessarily all in place yet but are planned to be introduced in time for the 14 September deadline, which, as at mid July, looks likely to be delayed (see reference documents below).

(OTP = One Time Password/Passcode)

Barclays - app, OTP to mobile, PINsentry card reader
https://www.barclays.co.uk/digisafe/protecting-you-against-fraud/ still doesn't have details but see posts #152 and #163

Bank of Scotland - app, OTP to mobile or landline, trusted device (banking)
https://www.bankofscotland.co.uk/aboutonline/changes-to-internet-banking.html

Capital One - OTP to mobile or landline for purchases
https://www.capitalone.co.uk/support/one-time-passcode-terms1.jsf
https://www.capitalone.co.uk/support/one-time-passcode-terms2.jsf

Clydesdale - app, OTP to mobile or landline, plus security token for online banking
https://secure.cbonline.co.uk/landing-pages/strong-customer-authentication/

Co-operative - app, OTP to mobile or email
https://www.co-operativebank.co.uk/security/two-factor-authentication

First Direct - Secure Key (physical or on app)
https://www1.firstdirect.com/help/secure-key/

Halifax - app, OTP to mobile or landline, trusted device (banking)
https://www.halifax.co.uk/aboutonline/changes-to-online-banking/

HSBC - Secure Key (physical or on app) for online banking
https://www.hsbc.co.uk/help/security-centre/simple-safe-secure/

Lloyds - app, OTP to mobile or landline, trusted device (banking)
https://www.lloydsbank.com/online-banking/changes-to-internet-banking.asp

M&S - Secure Key (physical for now, then app later in year), OTP to mobile (initially email too)
https://bank.marksandspencer.com/security/how-we-protect-you/otp-faqs/
https://bank.marksandspencer.com/digital-changes/

MBNA - app, OTP to mobile or landline, trusted device (account servicing)
https://www.mbna.co.uk/managing-your-account/changes-to-online-shopping.html

Metro - OTP to mobile
https://www.metrobankonline.co.uk/ways-to-bank/i-want-some-information-about/fraud-and-security/

Monzo - OTP in use for some purchases? Also app
https://community.monzo.com/t/strong-customer-authentication/68224/3

Nationwide - app, OTP to mobile, card reader
https://www.nationwide.co.uk/support/support-articles/security/strong-customer-authentication

NatWest - OTP to mobile or landline or email, card reader
https://personal.natwest.com/personal/fraud-and-security/sca.html
https://supportcentre.natwest.com/Nonsearch/913268482/What-is-a-One-Time-Passcode.htm

One Account (RBS) - OTP to mobile, card reader
https://service.oneaccount.com/onlineV2/OSV2?event=twofactorlogin

RBS - OTP to mobile or landline or email, card reader
https://personal.rbs.co.uk/personal/fraud-and-security/sca.html
https://www.supportcentre-rbs.co.uk/Searchable/913268482/What-is-a-One-Time-Passcode.htm

Santander - app, OTP to mobile
https://www.santander.co.uk/personal/support/ways-to-bank/changes-to-how-you-log-on-to-online-banking

Starling - as per post #16, no extra authentication needed?

Tandem - OTP in use for some purchases
https://intercom.help/tandembank/en/articles/1978234-online-purchases

Tesco - OTP by text (not clear if landlines supported)
https://www.tescobank.com/security/how-we-protect-you/

TSB - OTP to mobile or landline
https://www.tsb.co.uk/fraud-prevention-centre/security-faqs/#What_is_Strong_Customer_Authentication

Yorkshire Bank - app, OTP to mobile or landline, plus security token for online banking
https://secure.ybonline.co.uk/landing-pages/strong-customer-authentication/

Yorkshire Building Society - OTP to mobile or landline
No link published yet but email quoted at post #71


Which? beat me to it by doing some investigation and publishing on 13 June, but they also found that not all players had finalised their plans:
https://www.which.co.uk/news/2019/06/new-online-security-checks-exclude-people-without-mobile-phones-or-decent-signal/

Reference documents:

Revised Payment Services Directive (PSD2), FCA, December 2015

Regulatory Technical Standards on strong customer authentication and secure communication under PSD2, 27 November 2017

FCA approach document, v4, June 2019 (industry guidance)

Opinion on the elements of strong customer authentication under PSD2, EBA, 21 June 2019 (casting doubt on validity of OTP solutions and effectively suggesting that national bodies may delay introduction)

FCA response to European Banking Authority's Opinion on Strong Customer Authentication, FCA, 28 June 2019 (recognising the need to reconsider technical approach and implementation timescales, and proposing some industry consultation)

Press release from EPSM (European Association of Payment Service Providers for Merchants), 10 July 2019 (advocating an 18 month delay)
«13456730

Replies

Sign In or Register to comment.

Quick links

Essential Money | Who & Where are you? | Work & Benefits | Household and travel | Shopping & Freebies | About MSE | The MoneySavers Arms | Covid-19 & Coronavirus Support