- Strong authentication of customers for electronic payments obligatory from 14 September
- eco Association offers seven tips for secure two-factor authentication
Cologne, 09.09.2019 – Whether it’s streaming services or gaming platforms: Many of the innovations presented at the IFA in Berlin this week are used over the Internet and paid for online. To make this secure, the EU Payment Service Directive 2 (PSD2) is obligatory from 14 September. The directive prescribes two-factor authentication for online payments and refers to this as strong customer authentication. This means that customers need to identify themselves in two ways, such as with a password and with a transaction number (TAN), in an app, or via SMS.
“Creating security in e-commerce is a continual process,” says Markus Schaffrin, security expert at eco – Association of the Internet Industry. “The rules of the PSD2 are a good way of making sure that customers do not need to fear identity theft or having their payment details abused.” With the seven tips below from the eco Association, customers can make their payments more secure from 14 September:
- Use two-factor authentication whenever possible. For credit cards, the 3-D Secure procedure – which requires a second factor – increases security. Other payment service providers are also offering two-factor authentication as an option.
- Use two factors from different categories as identification. Combine something you know, such as a password or a PIN, something you have in your possession, like a smart card or a TAN generator, and/or biometric data, such as your fingerprint.
- Use two different devices. If a provider sends you a TAN via an app or SMS, then for security reasons, this should be received by a different device. For example, you can shop on your laptop and use your smartphone to verify the payment. A further possibility is to make use of a hardware TAN generator, such as a ChipTAN generator or a PhotoTAN generator.
- Use strong passwords. Choose strong passwords with a minimum of eight characters, including letters, numbers and special characters, and never use a password twice. A password manager with a master password helps you to keep an overview.
- Do not save passwords in the browser, and never pass on passwords or TANs to others. In this way, you prevent possible access by unauthorized people.
- Keep all devices up-to-date. Activate automatic updates on all devices that are involved in payments, in order to keep the software up-to-date and to close known vulnerabilities.
- Do not use rooted mobile devices for online payments. Anyone who bypasses the built-in software restrictions on a smartphone by rooting their Android device, or gains access to central functions of their iPhone through jailbreaking, exposes themselves to greater risk. The superuser rights that a user has on such a smartphone can also become a gateway for malware and criminals.