Strong Customer Authentication - **Now delayed** changes to online verification

eskbanker
Posts: 36,426 Forumite


*** Latest news, 13 August 2019 ***
As expected, implementation has been delayed by up to 18 months by the FCA, as covered at https://www.fca.org.uk/news/press-releases/fca-agrees-plan-phased-implementation-strong-customer-authentication and https://www.fca.org.uk/consumers/strong-customer-authentication
As this has cropped up in a number of threads, I thought I'd have a stab at collating what each bank is proposing to implement in response to the regulatory requirement to strengthen security for online purchases and online banking by introducing two-factor authentication.
For online banking, the changes will be phased in from 14 September 2019 and completed by 14 March 2020.
For online shopping, we have agreed a plan with the e-commerce industry of card issuers, payments firms and online retailers that gives them 18 months up to March 2021 to implement SCA.
Many banks are publishing their stance on their websites but there are plenty of blanks to fill in, so happy of any and all help in finding confirmed links for the rest - I'll try to keep this updated!
Note that these measures aren't necessarily all in place yet but are planned to be introduced in time for the 14 September deadline, which, as at mid July, looks likely to be delayed (see reference documents below).
(OTP = One Time Password/Passcode)
Barclays - app, OTP to mobile, PINsentry card reader
https://www.barclays.co.uk/digisafe/protecting-you-against-fraud/ still doesn't have details but see posts https://forums.moneysavingexpert.com/discussion/comment/76148042#Comment_76148042 and https://forums.moneysavingexpert.com/discussion/comment/76150789#Comment_76150789
Bank of Scotland - app, OTP to mobile or landline, trusted device (banking)
https://www.bankofscotland.co.uk/aboutonline/changes-to-internet-banking.html
Capital One - OTP to mobile or landline for purchases
https://www.capitalone.co.uk/support/one-time-passcode-terms1.jsf
https://www.capitalone.co.uk/support/one-time-passcode-terms2.jsf
Clydesdale - app, OTP to mobile or landline, plus security token for online banking
https://secure.cbonline.co.uk/landing-pages/strong-customer-authentication/
Co-operative - app, OTP to mobile or email
https://www.co-operativebank.co.uk/security/two-factor-authentication
First Direct - Secure Key (physical or on app)
https://www1.firstdirect.com/help/secure-key/
Halifax - app, OTP to mobile or landline, trusted device (banking)
https://www.halifax.co.uk/aboutonline/changes-to-online-banking/
HSBC - Secure Key (physical or on app) for online banking
https://www.hsbc.co.uk/help/security-centre/simple-safe-secure/
Lloyds - app, OTP to mobile or landline, trusted device (banking)
https://www.lloydsbank.com/online-banking/changes-to-internet-banking.asp
M&S - Secure Key (physical for now, then app later in year), OTP to mobile (initially email too)
https://bank.marksandspencer.com/security/how-we-protect-you/otp-faqs/
https://bank.marksandspencer.com/digital-changes/
MBNA - app, OTP to mobile or landline, trusted device (account servicing)
https://www.mbna.co.uk/managing-your-account/changes-to-online-shopping.html
Metro - OTP to mobile
https://www.metrobankonline.co.uk/ways-to-bank/i-want-some-information-about/fraud-and-security/
Monzo - OTP in use for some purchases? Also app
https://community.monzo.com/t/strong-customer-authentication/68224/3
Nationwide - app, OTP to mobile, card reader
https://www.nationwide.co.uk/support/support-articles/security/strong-customer-authentication
NatWest - OTP to mobile or landline or email, card reader
https://personal.natwest.com/personal/fraud-and-security/sca.html
https://supportcentre.natwest.com/Nonsearch/913268482/What-is-a-One-Time-Passcode.htm
One Account (RBS) - OTP to mobile, card reader
https://service.oneaccount.com/onlineV2/OSV2?event=twofactorlogin
RBS - OTP to mobile or landline or email, card reader
https://personal.rbs.co.uk/personal/fraud-and-security/sca.html
https://www.supportcentre-rbs.co.uk/Searchable/913268482/What-is-a-One-Time-Passcode.htm
Santander - app, OTP to mobile
https://www.santander.co.uk/personal/support/ways-to-bank/changes-to-how-you-log-on-to-online-banking
Starling - as per post #16, no extra authentication needed?
Tandem - OTP in use for some purchases
https://intercom.help/tandembank/en/articles/1978234-online-purchases
Tesco - OTP by text (not clear if landlines supported)
https://www.tescobank.com/security/how-we-protect-you/
TSB - OTP to mobile or landline
https://www.tsb.co.uk/fraud-prevention-centre/security-faqs/#What_is_Strong_Customer_Authentication
Yorkshire Bank - app, OTP to mobile or landline, plus security token for online banking
https://secure.ybonline.co.uk/landing-pages/strong-customer-authentication/
Yorkshire Building Society - OTP to mobile or landline
No link published yet but email quoted at https://forums.moneysavingexpert.com/discussion/comment/76127086#Comment_76127086
Which? beat me to it by doing some investigation and publishing on 13 June, but they also found that not all players had finalised their plans:
https://www.which.co.uk/news/2019/06/new-online-security-checks-exclude-people-without-mobile-phones-or-decent-signal/
Reference documents:
Revised Payment Services Directive (PSD2), FCA, December 2015
Regulatory Technical Standards on strong customer authentication and secure communication under PSD2, 27 November 2017
FCA approach document, v4, June 2019 (industry guidance)
Opinion on the elements of strong customer authentication under PSD2, EBA, 21 June 2019 (casting doubt on validity of OTP solutions and effectively suggesting that national bodies may delay introduction)
FCA response to European Banking Authority's Opinion on Strong Customer Authentication, FCA, 28 June 2019 (recognising the need to reconsider technical approach and implementation timescales, and proposing some industry consultation)
Press release from EPSM (European Association of Payment Service Providers for Merchants), 10 July 2019 (advocating an 18 month delay)
Comments
-
M&S is HSBC, same card reader and M&S app
OTP to mobile, initially also to email but only temporary basis, later text only or ring bank
https://bank.marksandspencer.com/security/how-we-protect-you/otp-faqs/
Ex forum ambassador
Long term forum member
-
Updated my post
-
NatWest OTP
https://supportcentre.natwest.com/Nonsearch/913268482/What-is-a-One-Time-Passcode.htm
Card reader
OTP via text, email and voicemail
-
HSBC, M&S and FD: it's currently a secure key device NOT a card reader. Can also use digital secure key. It's optional for logging in at the moment and only required for adding payees etc currently. Must use this to log in from 5th September.
-
NatWest OTP
https://supportcentre.natwest.com/Nonsearch/913268482/What-is-a-One-Time-Passcode.htm
Card reader
OTP via text, email and voicemail
RBS the same
https://www.supportcentre-rbs.co.uk/Searchable/913268482/What-is-a-One-Time-Passcode.htm
-
It's good to see Santander have changed their previous comments that you may need to use the mobile app in future. Perhaps as a result of negative feedback??
For those of us who don't want the app, their site now says the following:
Do I need to have the mobile banking app to continue banking online?
No, you’ll still have the option to use One Time Passcode (OTP).
I don’t want to download the mobile banking app, will I need to move my account to another company?
No, you will be able to use OTP as a way to confirm it’s you.
-
Fairly sure I read somewhere that Coop (and Smile - who probably need to be added to the list, despite being, actually, Coop) were changing to OTP instead of the existing card reader. But they haven't yet. Can't find the info now though - will look for it.
-
I think Metro Bank are using an OTP to a mobile phone based on this webpage:
https://www.metrobankonline.co.uk/ways-to-bank/i-want-some-information-about/fraud-and-security/