From 14 September onwards, some of the aspects that have the biggest impact on payment service users will be coming into effect, and we wanted to inform you of this.
One of the main aims of this policy is to improve the safety of remote operations to reduce fraud in these services.
Hence, it introduces the concept of strong customer authentication (SCA), which is based on a second authentication factor. When a user wishes to carry out an operation, they must identify themselves through the combination of two of the following three authentication factors:
Strong authentication will not only be mandatory for payment operations, but also when logging in for the first time and periodically (maximum 90 days from the last secure access) to use digital banking channels.
It will also be required to view account movements more than 90 days old.
On our digital channels, strong authentication will be carried out by means of:
The implementation of strong authentication in e-commerce payments made with bank cards is being delayed, and so will not be implemented in September.
We will keep you informed about this.
Some payment operations will be exempted from the requirement for strong authentication. In our case, on 14 September, we started applying the following:
Therefore, these operations will be confirmed by pressing the OK button.
We will soon be implementing the following exceptions:
So that we can carry out strong authentication, we need your mobile phone number, which must be linked to your virtual branch contract and your bank card.
Log into online banking (Tools/ Personal details/ Mobile phone) to confirm that we have your correct number, and whether you can change it online or you need to go to your branch to do so.
NEW WAYS OF OPERATING
Another of the objectives of the new directive is to increase the range of payment services available to users. To do this, two new figures have been created:
Who will be able to initiate payments directly against the user;s accounts held with their Financial Institution.
Who will be able to collect information about user accounts in one or several financial institutions and aggregate it so that it can be presented all together.
You can share information securely between Financial Entities and any company wishing to offer Digital Payment methods to their customers associated with innovative financial products.
Information for Financial Service Providers (TPP)
These rights are set out in the revised Payment Services Directive (DSP2), the Payment Accounts Directive and other EU legislative acts, the purpose of which is to make payments safer and easier.