Breaking:

Éric Zemmour: his partner Sarah Knafo makes a big announcement

Ukraine war in the live ticker: +++ 01:02 Politico: Zelensky told Johnson that Ukraine could hold out until March or April without US help +++

PSG, hooked by Le Havre, still has to wait to celebrate its title

Estée Lauder: AI innovation laboratory with Microsoft

Good deal – The JBL Tour One M2 “5 star” nomadic headset at €179.99 (-10%)

Card payment with 3-D Secure – Online shopping: Not always with a second authentication – Kassenrutsch Espresso

7 February 2024

Contents

3-D Secure is a security check for payments in online shops. This is not always required.

Whether it’s a sweater, a plane ticket or a printer cartridge: you can easily buy many things online and pay with a credit or debit card. You often have to confirm such a transaction again, for example using a fingerprint or SMS code that is sent to you.

This second authentication is a security check and is called 3-D Secure. Some credit cards are set this way by default, with others you have to activate it yourself.

Amazing: Even if you have activated 3-D Secure, you don’t have to confirm every payment a second time. For what reason?

Online shops and card issuers decide on 3-D Secure

An online shop decides for each individual transaction whether it offers 3-D Secure or not. If not, no second authentication occurs. This applies to all online shops where you pay with a Swiss card. Next, the ball is in the court of the bank and/or the card issuer.

“Strong authentication” versus “frictionless flow”

If the shop chooses 3-D Secure, it is up to the bank or card issuer how they implement 3-D Secure. Basically you have two options:

With “strong authentication” you have to confirm a payment again.

With “Frictionless Flow”, the payment goes through without a second authentication by the customer. However, the payment will still be checked.

Activate dual authentication: Online shops such as Amazon or Digitec Galaxus offer this on their websites. When you log in, you are given a code that you have to enter to confirm that you are really the person who wants to order something. This can prevent someone from ordering products under the wrong name to the wrong address. Dual authentication is not the same as 3-D Secure.
Use strong password.
Push message for transactions: Various banks and credit card companies offer a service where you receive a push message, email or SMS with every transaction.

Own security systems

Visa, Mastercard and American Express set the framework for 3-D Secure. Within this framework, banks and card issuers have their own security system that assesses the risk of possible fraud for each payment. Depending on the situation, payment is made with “frictionless flow” or “strong authentication” is required.

For security reasons, the banks don’t want to say exactly under which conditions a payment will be made “frictionless”, but this much is clear: This only happens in the case of a low amount, or if you have frequently ordered something from a well-known shop and have already had one Had to confirm payment. In cases of doubt, “strong authentication” is used.

Viseca credit cards use “strong authentication” for every transaction. Viseca cards are available from Migros Bank, the cantonal banks and the Raiffeisen banks.

Who is liable and when?

Banks and card issuers say that there is no greater risk for the customer even with “Frictionless Flow”. Therefore, as a customer it is not possible to insist on “strong authentication”. With “frictionless flow”, the bank is liable as long as the customer has not breached the duty of care.

With “strong authentication”, the customer is liable if he accidentally confirms a payment that he did not make.

And if an online shop does not offer 3-D Secure, the shop is liable if the card is misused.

Banking Ombudsman: More cases due to “strong authentication”

The banking ombudsman has only had one case of misuse with “frictionless flow” so far; the problem lies more with “strong authentication” because many customers confirm a payment too quickly that they have not made.