Warning: Online payments could be declined if your debit and credit card contact details aren't up to date as new fraud rules take force today
Debit and credit card users must ensure their bank or lender has their up-to-date contact details as new rules take force today that see card providers forced to check if it's really you making transactions. If your card firm can't reach you, your payment could be declined. Here's what you need to know.
From today, payment providers must comply with new fraud-prevention rules, known as 'Strong Customer Authentication (SCA)', which require both debit and credit card providers to ask customers to verify certain payments.
As a result, you may get a text or phone call from your card firm when you make an online transaction requiring you to confirm you are who you say you are - so don't just ignore this or wrongly assume it's a scam. The new rules officially take force today, though many providers have been gradually rolling out the new verification processes since last summer.
The idea behind the move is to create a new layer of security to protect shoppers and their money. See 30+ Ways to Stop Scams for more on scams to look out for, how to protect yourself and what to do if you're a victim.
Card-by-card provider info on how to update your details
Make sure your card provider has ALL your correct contact info. That includes your mobile number, landline number and email address, if you have all of those. See the table below for how to check and update this information with your bank or lender.
Bank or card firm | How to update your contact details |
---|---|
American Express | |
Bank of Scotland | |
Barclays / Barclaycard | |
Capital One | |
HSBC | |
Halifax | |
Lloyds | |
MBNA | |
M&S Bank | |
Natwest | |
Nationwide | |
RBS | |
Santander | |
TSB | |
Virgin Money |
How card firms decide which payments to verify
A number of different factors determine if a payment needs to be verified, including the type of payment, who you're paying, amount and card firm - and crucially each provider has its own definition of 'high risk' and 'low risk' transactions which may override any other factors. But the following are typically more likely to be verified:
Online payments over £25.
Online payments up to £25 where you've made multiple payments in a row totalling more than £85. There's no set time period for this to happen in, and payments can be to different firms.
New or modified recurring payments - though NOT typically recurring payments made to the same provider, eg, for a Netflix subscription. Recurring payments are regular payments of the same amount that you set up using the long number across your credit or debit card.
Regulator the Financial Conduct Authority (FCA) hasn't given an indication of what proportion of online transactions are being verified, saying this will be down to providers assessing risk in line with its guidelines. However, payment provider Mastercard has suggested it will apply to one in four transactions. So if you regularly buy online, doing these checks is likely to become routine.
If you have to verify a payment, it'll be via text, phone call, app or card reader
Here's how it works:
Your bank may send you a text message. This will have a verification code you'll need to enter online.
Your bank may call your landline. Here, you'll be shown a code on the payment screen, and asked to enter it or speak it into your phone during an automated call.
You may be asked to log in to your card firm's app. Typically you can do this by using the built-in fingerprint scanner or facial recognition - once you've logged in, your payment should go through.
You may be asked to use your bank's card reader. These are small devices issued by some card firms (not the same as a card terminal used for payments). You insert your card into it and log in in the normal way and you'll be given a verification code to enter online.
The method of verification card firms try first is down to them, as is whether or not they'll try to contact you via an alternative means if the first attempt is unsuccessful. You'll sometimes be able to choose how to verify a transaction at checkout though, for instance via a text or an email. You also may see a "didn't receive the text?" button, which will let you try a different contact method.
In order to ensure transactions don't get declined, it's crucial to make sure your card firm has your correct info.
However, if a payment is declined while you're shopping online, it may also be because a retailer has not yet implemented SCA rules (retailers aren't regulated by the FCA in the same way payment providers are and therefore don't need to meet the 14 March 2022 deadline). If this happens, contact the retailer and find out if there's an alternative way to pay.
Remember, your bank will NEVER ask for your PIN or full password
Given these changes you may now get texts and calls when making an online payment - and as we explain above, don't ignore these or your payment won't go through. Yet it's also important to remain vigilant and be aware that some scammers may use these new rules as an opportunity to try to get their hands on your personal and financial information.
Remember, your bank or card firm will NEVER ask for your PIN, password, date of birth, address or other personal details to verify a payment under this system, so if you're asked for anything other than a verification code it's likely a scam. For more info on protecting yourself from scams, see banking trade body UK Finance's Take Five tips and our 30+ Ways to Stop Scams guide.
This isn't a one-off - it applies to transactions on an on-going basis
These security checks aren't something you'll be asked to do once and never again – they are on-going and apply to any qualifying card transaction online. So it's something we'll need to get used to.
The new SCA verification process has applied to online and mobile banking since 14 March 2020, so you may have already noticed certain actions requiring identity confirmation, including logging in and transferring money to somebody else. And SCA checks also already apply if you make multiple contactless payments - if you make several payments in a row totally more than £300, you are asked to verify your identity by entering your PIN.