The information printed on credit cards is no longer considered valid to authenticate consumers in purchases made online. This authentication must be done using a password, message sent to the mobile phone or fingerprint.
If you make purchases online, be aware of this change.
It is no longer possible to use the CVV / CVC code for online shopping
With the entry into 2021 there are also changes in payments for purchases made online. The new European Payment Services Directive, or, as commonly known, PSD2 (acronym in English Payment Services Directive 2), came into force on November 3, 2018, in Portugal and the services were adapting.
The new regulatory framework no longer considers the details printed on payment cards (such as the card number, expiration date or CVV / CVC code) valid for online shopping authentication, as they may be appropriate by third parties and are not considered data for strong authentication.
Thus, when a customer makes a transaction in online purchases he needs to combine at least two elements from different categories:
- as something you know (example: password)
- you have (mobile phone or other device)
- or inherent to it (fingerprint, for example).
So, for example, a customer may want to make a purchase via his mobile phone and will also be asked for a fingerprint. At least two validation factors will always be needed.
The Payment Services Directive (PSD2) ...
The second Payment Services Directive (PSD2) is a European Union directive, transposed into Portuguese law through Decree Law 91/2018, which updates and complements the rules established by PSD1 and its main objectives:
- Contribute to a more integrated and efficient European payments market
- Making payments safer and more efficient
- Foster a level playing field between payment service providers
- Strengthen consumer rights
- Promote the adoption of innovative payment services
If you usually shop online, be aware of these changes. Some brands and services have already made known such changes that aim at better user safety.