Shopping > Stories

New measures to stop fraudsters in their tracks

Patrick Christys
Sep 3, 2019

Credit card fraud is like a never-ending juggernaut of misery.

As soon as banks seem to have cracked it, ingenious criminals figure out a new way of getting their grubby hands on your money.

I was actually defrauded twice in two weeks and, had it not been for the fast-acting team at Royal Bank of Scotland, I could have lost thousands of pounds. 

It turned out the fraudsters had managed to access my laptop and waited until I inputted my bank details. When I'd overcome that the first time, they managed to get into my Deliveroo account and access my security information that way.


But now companies are introducing new measures to make online payments more secure - it's called Strong Customer Authentication.


A number of banks and credit card providers - as well as the likes of Apple and payments solution provider Stripe - have also published advice.

This is according to the BBC:

What is Strong Customer Authentication?

SCA originates from an EU directive designed to reduce payment card fraud across the continent.

Banks and retailers had been expected to introduce the measures on 14 September, when the law will officially change, but many were not ready.

Instead the Financial Conduct Authority has effectively delayed it, saying it won't enforce the law until March 2021.

However, it still expects providers to introduce the measures in a staggered approach over the next 18 months - although when you start noticing changes will depend on who you bank with and where you shop.

An estimated £671m was lost to fraud on UK payment cards in 2018, a 19% increase on the previous year.

How will it work?

Under SCA, if an online shopper spends more than about £28 in one transaction, payment providers will be required to ask for an extra form of verification.

This will usually be sent by your bank as a one-time password by text to a mobile phone.

Alternative forms of verification could include a thumbprint on a smartphone or voice recognition.

Shoppers will also see changes in stores: for example, you may find yourself occasionally being asked to enter your pin number when making either a contactless payment or using a mobile wallet such as Apple Pay.

Why was it delayed?

Retailers and banks lobbied the government saying the 14 September start date was unrealistic.

According to the British Retail Consortium, the fact providers would not have been ready would have created "significant disruption to online payments".

As a result, it estimated the number of e-commerce transactions carried out in the UK would have dived by 25-30%.

"The technical solutions weren't going to be ready on time, nor the guidance to go with them," said Andrew Cregan, the consortium's payments policy advisor.


"You could have seen online transactions abandoned due to people simply not receiving the passcode if their bank didn't hold the correct phone number or if there was no mobile signal."

That said, providers are increasingly likely to contact you to remind you about SCA changes over the next 18 months.

Asked about John Lewis's decision to contact its customers this week, a spokeswoman for the retailer said: "We are trying to give customers the heads-up, so there won't be any barriers to transacting. We want to be on the front foot."

Here at A Spokesman Said we love fighting for your rights and believe fervently in natural justice.

But these battles cost us money. You could help us fund these fights by using our price comparison site, A Spokesman Said for your energy, car insurance and household bills.

We’re just the same as Go Compare or any other price comparison site, so you won’t be losing out in any way - by helping us, you will be helping yourself.

Thank you for your support.

Are you paying too much interest?

See if you could save by switching credit card - we compare, you save