Online fraud prevention

What is the PSD2?

The second European Directive on Digital Payment Services (Payment Service Directive 2) was implemented in November 2015 by the European Commission for the benefit of the consumer. How? By improving security in electronic payments, promoting innovation and competition between countries and suppliers, and contributing to the development of a more integrated and efficient payment market across Europe.

In addition, PSD2 establishes certain Regulatory Technical Standards (RTS) to improve customer authentication. These began to be implemented on September 14, 2019.

What is SCA?

Among the most important items introduced by PSD2 is enhanced customer authentication, known as SCA (Strong Customer Authentication). This is a compulsory procedure used to authenticate customers using two factors belonging to any of the following categories:

  • Something that only the customer knows, like a PIN or password.
  • Something that only the customer possesses, like his or her cell phone.
  • Something that only the customer is, like a fingerprint.

This two-factor authentication procedure is mandatory each time the customer:

  • Logs in to his or her online accounts (on the website and app).
  • Initiates electronic payment transactions (transfers, e-commerce payments, etc.).
  • And/or takes some action through remote third-party channels that were not used until now.

It is important to highlight that there are cases in which it will not be necessary to apply SCA, e.g. for payments with a gift card or purchases of low value. Nevertheless, cardholders must be aware that this additional security validation needs to be carried out more often than before.

What does this regulation imply?

All parties involved in an e-commerce process in Europe, including banks, payment service providers with Visa or Mastercard, businesses, etc., must implement additional measures to ensure that they comply with the regulatory requirements of PSD2.

Customers may encounter different ways of accessing their accounts through remote channels (app or website) or different ways of making electronic payments such as bank transfers, online purchases, or physical payments with contactless cards in Europe.

What does this mean for me as a BBVA customer?

At BBVA we have been working for a long time to adapt our high security standards to the new requirements of this directive, always with the goal of maintaining a great user experience for our customers.

Therefore, whenever the regulations allow and our security measures, which are “invisible” to customers, guarantee that the transaction is carried out by the customer, we will avoid using the two-factor authentication process. This will make transactions more convenient. When required by law, we will request two-factor authentication.

Here are some simple examples to help you understand how these developments, which work to ensure the safety of your money, will affect you.

1. A customer paying on an online store with a card:

  • They access the payment page of the online store as usual.
  • They are asked to enter their card details.
  • To complete the transaction, they will be asked for additional security information (known as “credentials”, which may be a one-time key). This information may be requested on the same page or via an application on the mobile phone.
  • When the credentials are authenticated, the usual transaction confirmation page will then be displayed.

2. A customer paying in a physical store with a Contactless card:

  • They pay by placing the contactless card near the payment terminal.
  • It is possible that they will be asked to enter their PIN more often than usual: when making more than 5 Contactless payments of less than €20 or when the sum of the Contactless payments exceeds €100.

3. A customer wants to access their accounts via the website or the app:

  • Beginning in September, when the customer first enters the app or online banking website, two-factor authentication is requested.
  • Every 90 days or when accessing information older than 90 days, they will be asked again for enhanced authentication, as required by the regulations.
  • Once authenticated, they can access their accounts as usual.

Do I have to do anything?

Yes, it is important that BBVA has your updated and certified cell phone number, as we will use it as an authentication factor with a One Time Password (OTP) which you will receive on your cell phone to authenticate access to accounts and conduct electronic transactions.

If your cell phone is not certified, meaning that we are not sure that the person receiving the unique access code is you, you will not be able to access your accounts via the website or the app or make payments online.

To certify your cell phone, speak with your Adviser as soon as possible.

For further information, call the BBVA Helpline on +351 21 391 14 16* / 707 256 256** Monday to Friday from 7:00 am to 9:00 pm and Saturday from 9:00 am to 9:00 pm or through apoio.clientes@bbva.com.

* National landline call / ** Calls to numbers from the 707 range have a cost of €0.10 + VAT per minute for calls from landline phones and €0.25 + VAT per minute from cell phones, the tariff being defined per second from the first minute onward.