New Credit Card protocols online

[woodenhead]

Has anyone heard of a new set of protocols impacting shops with an online shop?

 

I used a well known shop this afternoon, who I have used before and in the past 7 days without issue, but today my purchase was straight declined on one card and I had to use another.

 

When I rang my credit card company they told me it was the merchant's fault as they hadn't adopted the new payment protocols and they would be unable to transact with my credit card company until they updated their processes.  Apparently I was not the only person ringing them and I should have seen about this on their website, told them I have heard nothing about any changes and why would I be looking at their web page casually?  The change is being rolled out across Mastercard and Visa, perhaps my credit card company jumped the gun or they have done something wrong, I am going to liaise with the shop and see what they know.

[woodenhead]

Found this on the Guardian, so this is what it is, but it could be a pain for us if retailers aren't prepared

https://www.theguardian.com/money/2022/feb/12/uk-online-shoppers-face-more-identity-checks-as-new-anti-fraud-rules-kick-in

 

It seems like an extension of the mobile verification using passcodes, but my credit card company told me the changes were in addition to that because one time passcodes weren't as secure as they liked because people shared them.  It doesn't seem to make sense to me but it certainly impacted me and I was on the phone 1.5 hours to be told, nothing they can do about it at the credit card company, I should have been aware of it and it's the merchant's fault.

 

First it was, do it all online it's so much easier and now they are adding so many layers of security that it makes the process a stress.

Edited March 4, 2022 by woodenhead

[Andy Hayter]

Our UK banks want to send us an SMS with the codes, which would be fine except that we live in a not-spot and and would have to drive 5km to get a reliable signal.  I have written to the bank to explain and the silence has been deafening.

[woodenhead]

The thing is my credit card company has been doing one time passcodes to identify me via my mobile for years, so I am beginning to think they have ballsed up and are using this as a smokescreen - wouldn't surprise me.

[AY Mod]

15 minutes ago, woodenhead said:

The thing is my credit card company has been doing one time passcodes to identify me via my mobile for years, so I am beginning to think they have ballsed up and are using this as a smokescreen - wouldn't surprise me.

 

Santander notified me that there may be more OTP requests than have previously been the case. Generally I only have to do it on transactions over £200.

[DaveF]

 

I've had e mails from my bank advsing me of the change.

 

On a good day I have a mobile phone signal indoors, if not I'll have to use wifi,

 

It would help if my bank's App loaded quickly.

David

[woodenhead]

1 minute ago, AY Mod said:

 

Santander notified me that there may be more OTP requests than have previously been the case. Generally I only have to do it on transactions over £200.

It was Santander who told me it was the merchant's fault for not changing their website.  I am beginning to think it was a load of b*ll*cks from them, I've used the merchant in the past week without issue and the Guardian indicates it is an extension of the OTP requests which I use all the time.  So no change there really and certainly nothing for the merchant/retailer to have to alter their website payment solution for.

[Deltic]

If you mean the increased length BIN code use, then this will impact most if not all Online and Mail Order sales - even within bricks and mortar outlets. 

 

Seemingly, from the communications sent out to retailers. There could be an issue if you do not use one of the larger process providers - such as WorldPay - with their terminals and back office combined services. Not sure how it may happen if you use Square, SumUp or any of the other many providers.

 

The changes - so they say - is to make purchases more secure and to reduce fraudulent card use. A little like the more checks now made on Contactless purchases since the £100 limit was enacted.

Edited March 4, 2022 by Deltic

[TheQ]

I've certainly had more refusals in the last six months, the most common one?

Refusing my debit card to pay off my credit card... Both with the same bank.

 

Oh we are in a not spot as well, not that it matters, we haven't got mobile phones.

[Jonboy]

Believe it or not a lot of payments could often be put through with just a card number and expiry date, and not other details depending on the merchant account or machine setup. 
 

Higher risk merchants (as in stock or services more at risk of attracting fraud, normally because of ease of resale or high volume merchants) had higher standards needing multiple data points such as card holder address to match or third party authentication (text codes) for many years.
 

This is generally being widened to all merchants which means websites and apps need updating to stream this data to the card merchant service and some banks have moved faster than others to require it.

[woodenhead]

This particular retailer today does I believe have secure purchasing, it was passing through Santander’s OTP system (until today) and was asking for cvv as well as other details.  I’ve also used them plenty of times for amounts in multiples of £100 so my spending was not outside expected parameters.

 

I’ve spoken to the retailer as well to make them aware of what Santander said, and they are going to investigate with their web development company 

[Bucoops]

It's been coming for some time now - years? I find it amusing that they are making online payments harder to do, and in person payments can now be done up to £100 by waving the (stolen?) card at a terminal, not even a PIN needed...

[RFS]

6 hours ago, Andy Hayter said:

Our UK banks want to send us an SMS with the codes, which would be fine except that we live in a not-spot and and would have to drive 5km to get a reliable signal.  I have written to the bank to explain and the silence has been deafening.

 

It depends on your Bank how it works. With HSBC I can do mobile banking using the phone because it connects via broadband wifi, so a mobile signal is not required. If I want to use the PC, then it first asks me to generate a passcode using the mobile, but again the mobile uses wifi to do that. 

 

Another account I have generates a passcode online for you. When you acknowledge it, you receive an automated landline call and are required to enter the passcode.

 

Final suggestion - does you mobile have wifi calling? 

[Andy Hayter]

What Mobile?  As I said we are in a not-spot.  Why would I take outa contract for something I cannot use?

[RFS]

12 minutes ago, Andy Hayter said:

What Mobile?  As I said we are in a not-spot.  Why would I take outa contract for something I cannot use?

I was suggesting you can use a mobile that has WiFi calling enabled. That means when you at home in a not spot you can still make and receive calls via your broadband WiFi.

[thermonuclear]

I placed an online order this morning with a well known retailer in Guildford, value of approximately 90 quid, and had to provide the secret number from an SMS to allow it to go through.  Had to go and find my phone (I never use it and it is generally switched off in a desk drawer) as I was making the order via computer.  I'm in favour of increased card security if it keeps our money safe but I do wonder how/if the banks will find a way to monetize this 'service' to their benefit and our cost.  

[Philou]

I, like @Andy Hayter above, live in a not-spot here in the sticks of eastern France and whilst I upgraded Mrs Philou's mobile to one that is wi-fi enabled - not cheap! - (thanks to Orange who decided that our Femtocell would be switched off, thus no mobile at home), the new phone is not much better for as soon as you move into a part of the house that has no wi-fi (very thick stone walls) the wi-fi connection drops and you have a 'have you tried turning it off and on again situation?'. (Takes a breath) No, this is not an improvement.

 

I have inherited Mrs Philou's old phone and it is NOT wi-fi enabled, so seemingly I shall be stuffed as I assume 'customer not present' will no longer work either. I can always pay by cheque I suppose. Plus ça change ...... etc. I don't think Paypal is affected - yet.

 

Cheers,

 

Philip

[Jonboy]

PayPal send me a text code on approx 50% of logins (not helped I suspect that  I access a work account on the same device…)

[Michael Hodgson]

1 hour ago, Philou said:

I can always pay by cheque I suppose. Plus ça change ...... etc. I don't think Paypal is affected - yet.

 

 

Sorry, but no you can't - an increasing number of business won't take cheques any more.

And the banking industry wants to kill those off completely

[Andy Hayter]

Another with 1/2 metre thick stone walls - dry lined onto a metal framework, which probably acts as a Faraday cage of sorts.

 

So far I have not had an issue with companies not taking a cheque and banks wanting to do away with them simply exemplifies their desire to make profit over their customers' needs.

[icn]

14 hours ago, Bucoops said:

It's been coming for some time now - years? I find it amusing that they are making online payments harder to do, and in person payments can now be done up to £100 by waving the (stolen?) card at a terminal, not even a PIN needed...

At most one person can steal your physical credit card. An unlimited number of people could steal the numbers on your card and attempt to buy things online.

 

Now... it's odd that banks are using SMS, it's not the most secure - but better than nothing. Most of the financial providers that I use rely on an app instead (which thus works on Wifi, and is generally more secure). For better or worse, almost everyone has a phone these days, and given they are a proven tool in reducing fraud I think the populace are going to have to get used to using them whether they want to or not.

 

Of course a much better solution is to implement some kind of solution that lets you push the money instead of the vendor pulling money based on your credit card numbers. Those solutions exist, and are popular in some countries - and they're a lot more convenient as a customer (website shows you a QR code, you scan it with your payment app - no need to type in numbers), but alas it takes a while for people to switch.

 

12 minutes ago, Andy Hayter said:

So far I have not had an issue with companies not taking a cheque and banks wanting to do away with them simply exemplifies their desire to make profit over their customers' needs.

Cheques are much more costly for banks (if you're willing to pay fees for it that's alright - but I suspect banks have realised that most people would rather switch to other methods than pay for cheques, hence its easier to scrap them). And they have their own security problems.

 

Also, as someone who lives outside the UK there's nothing worse than those vendors who refuse to take anything but a cheque. The sooner that cheques are banned the better from my perspective.

[spamcan61]

2 hours ago, Michael Hodgson said:

Sorry, but no you can't - an increasing number of business won't take cheques any more.

And the banking industry wants to kill those off completely

From memory my bank would charge me 86p or thereabouts for processing a cheque, so not surprising retailers won't take them.

[Andymsa]

It appears that there are some complaints on the new security systems being put in, although I understand the frustrations in this I certainly support these new protections especially after fraud was done to one of our accounts recently. The odd thing was the cvv code wasn’t used and was an online transaction to a french toy shop, even the bank thought something was odd with the transaction. Fortunately my financial manger (wife) spotted this immediately and money’s put back into our account.  But any new protections are only as good as the banks applying the protections as it seems odd they allowed a foreign transaction with no CVV.

[Michael Hodgson]

Cheques were going to be finishing in 2018 but the Government has said they must still be available.

Cheque Guarantee Cards have already finished however, and it's about 20 years since eurocheques ended.

That doesn't mean that we can necessarily expect free banking - the banks can charge for providing the service.

In fact when I first opened an account, it cost the issuer 2d in Stamp Duty for every cheque issued (legally a postage stamp could be used and a cheque could be witten on anything, but as the stamp duty was pre paid on cheques most people thought they had to buy a cheque book for five shillings - in fact they were paying the tax.  But the cost was why people didn't use them for low value transactions like buying a newspaper.

 

 

[Steamport Southport]

Yep. I've been getting the messages from the bank for a while. Usually hidden somewhere on the statement.

 

Seems like I'm going to have to get one of those evil phone things.....

 

I have occasionally had to borrow one when attending events due to the Covid tests, but can't work out how to use it for anything else. I'll have to borrow a ten year old to show me how to use it. 

 

 

Jason