New, stricter requirements for online card payments
PSD2 (the EU Payments Directive) requires strong customer authentication (SCA) from 01.01.2021 when using cards online.
This is to enhance security for card payments online and means that customers will need to use strong customer authentication more often when using cards for online shopping.
Strong customer authentication means that cardholders provide proof of identify using two of the three following steps:
- Something you have (for example: payment card, code device, phone or tablet)
- Something you are (for example: facial recognition or fingerprint)
- Something you know (for example: PIN or password)
As a customer, when you shop online you will normally be asked to confirm the payment with 3-D Secure. Normally, 3-D Secure is confirmed using BankID or BankID on Mobile. This solution has been in use for online shopping for many years. However, some online retailers, both in Norway and abroad, may not have set up solutions in accordance with the requirements. With these online merchants, you may find that some card payments are rejected.
Some examples that are not covered by strong customer identification:
Transactions where the merchant is registered outside the EU/EEA, including Great Britain and Gibraltar. Merchant-initiated card transactions, such as for subscriptions.
We recommend that you:
Make sure you have access to the BankID app, BankID or BankID on Mobile, and ensure you can access the code/password.
Order BankID or BankID on mobile
If you don’t have a BankID app or BankID on your mobile phone, we recommend you order it