The amount of security checks are becoming ridiculous.

eskbanker

AstonSmith said:

The second half (phone call etc) seems a bit weird. Surely the company doesn't have liability since the SCA process was followed (CVV, 2nd factor auth)?

SCA is there to protect the bank's interests, and/or arguably the customer's, but not the merchant's, so the latter may have their own fraud prevention measures to suit their own risk assessment.

flaneurs_lobster

eskbanker said:

AstonSmith said:

The second half (phone call etc) seems a bit weird. Surely the company doesn't have liability since the SCA process was followed (CVV, 2nd factor auth)?

SCA is there to protect the bank's interests, and/or arguably the customer's, but not the merchant's, so the latter may have their own fraud prevention measures to suit their own risk assessment.

But the "merchant" emailed @[Deleted User] asking them to call, I'd be wanting the "merchant" to prove who they are rather than vice versa. 

DullGreyGuy

flaneurs_lobster said:

eskbanker said:

AstonSmith said:

The second half (phone call etc) seems a bit weird. Surely the company doesn't have liability since the SCA process was followed (CVV, 2nd factor auth)?

SCA is there to protect the bank's interests, and/or arguably the customer's, but not the merchant's, so the latter may have their own fraud prevention measures to suit their own risk assessment.

But the "merchant" emailed @[Deleted User] asking them to call, I'd be wanting the "merchant" to prove who they are rather than vice versa. 

Why when you are the one calling them? Easy enough to get the company's telephone number from their website if you dont trust the one in the email and the OP clearly trusts the company enough to give them £400 of their hard earned money on the promise of goods/services in return after.

flaneurs_lobster

DullGreyGuy said:

flaneurs_lobster said:

eskbanker said:

AstonSmith said:

The second half (phone call etc) seems a bit weird. Surely the company doesn't have liability since the SCA process was followed (CVV, 2nd factor auth)?

SCA is there to protect the bank's interests, and/or arguably the customer's, but not the merchant's, so the latter may have their own fraud prevention measures to suit their own risk assessment.

But the "merchant" emailed @[Deleted User] asking them to call, I'd be wanting the "merchant" to prove who they are rather than vice versa. 

Why when you are the one calling them? Easy enough to get the company's telephone number from their website if you dont trust the one in the email and the OP clearly trusts the company enough to give them £400 of their hard earned money on the promise of goods/services in return after.

I take your point but many people would just call the number quoted in the email. It's a common enough phishing scam to pretend to be an email from your bank quoting a number to ring or a link to click.

eskbanker

flaneurs_lobster said:

eskbanker said:

AstonSmith said:

The second half (phone call etc) seems a bit weird. Surely the company doesn't have liability since the SCA process was followed (CVV, 2nd factor auth)?

SCA is there to protect the bank's interests, and/or arguably the customer's, but not the merchant's, so the latter may have their own fraud prevention measures to suit their own risk assessment.

But the "merchant" emailed @[Deleted User] asking them to call, I'd be wanting the "merchant" to prove who they are rather than vice versa. 

Yes, I was specifically addressing the suggestion that SCA had protected the merchant, rather than agreeing with the merchant's choice of contact method!

Rob5342

Even with the extra checks it's still far more convenient than using cash or cheques was. I remember sending cheques off to order computer games and it taking tlat least two weeks to receive the game.

[Deleted User]

flaneurs_lobster said:

Don't care if banks insert lots of checks if it stops bad people stealing my money. 

I'd be more worried about that email/call from "the company" asking for lots of information they don't need, think you were right to terminate that conversation.

Did you still get your £400 thing? 

Yes they still dispatched it. Or will do so soon. But the order is approved. Which begs the question what was the point in the first place! To add I have ordered before from them without this issue. I had sent them an email to ask why I needed to call.

[Deleted User]

MattMattMattUK said:

[Deleted User] said:

tacpot12 said:

You need more layers than you might imagine. The criminals are resouceful, persistent and merciless. 

Yes but it remains the case that many websites to do not need authentication to be completed. So the criminals will just use those sites. 

Different companies have different appetite for risk, if you have a low appetite for risk and that means that you lose some orders, but all the criminals go to your competitors I would personally view that as a win. 

[Deleted User] said:
Secondly they are removing the ease which made electronic payments benefit over cash. 

Not really, cash is an absolute pain in the behind, even the process you describe, which I have never had the subsequent phone call still sounds far more convenient than using cash and making an in person payment. 

I understand if you were ordering something of high value. 

I think we will have to agree to disagree re cash. Next time I am going to buy this particular item in cash. It’s a collection of items I buy one each month or so. 

Shakin_Steve

[Deleted User] said:

I have tried to make a purchase of an item for £400. I put in my payment card, it then asks me to confirm the three digit code on the back of the card (as has always been the case). Next the website loads up a Barclays payment box and asks do I want to sent a text code or use the app. I select use the app. The app on my phone thing pings, I go to open it, it asks for verification, which I enter, it then asks me to confirm the payment is correct. I select yes, i then go back to the website and select that I have OK'd the payment. The order then completes. 

Three days later the company emails me advising I need to call them to confirm I made the order, I call them, they start asking me for my details. what is your DOB, what is your address, could I confirm the last four digits of the card. I said I am not giving them details over the phone. And the call ended. I mean what a lot of rot. I might as well go and draw out cash and pay for something in person. How many layers of security do you need?

The company may know your address and the last four of your payment card, but how would they know your DOB?

[Deleted User]

Shakin_Steve said:

[Deleted User] said:

I have tried to make a purchase of an item for £400. I put in my payment card, it then asks me to confirm the three digit code on the back of the card (as has always been the case). Next the website loads up a Barclays payment box and asks do I want to sent a text code or use the app. I select use the app. The app on my phone thing pings, I go to open it, it asks for verification, which I enter, it then asks me to confirm the payment is correct. I select yes, i then go back to the website and select that I have OK'd the payment. The order then completes. 

Three days later the company emails me advising I need to call them to confirm I made the order, I call them, they start asking me for my details. what is your DOB, what is your address, could I confirm the last four digits of the card. I said I am not giving them details over the phone. And the call ended. I mean what a lot of rot. I might as well go and draw out cash and pay for something in person. How many layers of security do you need?

The company may know your address and the last four of your payment card, but how would they know your DOB?

They suggested I had given it to them when I opened an account online.