Skip to main content

Taking payments online? Things are changing for customers and businesses

If you've ever purchased anything online, you're probably familiar with the box that appears with the words, 'Verified by Visa' or 'Mastercard SecureCode'. This little box is called a 3D Secure card payment, and it ensures that it's really you buying those train tickets or that waffle maker, and not someone with your card details who needs to get out of the country or has a serious craving for waffles. 

When you see that box, your bank is having a quick look at your past transactions, and figuring out whether the purchase in question seems like something you'd buy. If they think it looks suspicious, you're asked to put in some additional information to confirm your identity, before they let the transaction go through.

With 3D Secure card payments, the bank can be sure that your purchase is legitimate - you avoid losing your money to hackers, and so does the bank. But if you are selling train tickets, waffle makers or literally anything else online, this system will soon be changing.

Why bother changing it? Why can't I just buy stuff in peace?

Banks, unsurprisingly, are really keen to stop fraudulent payments going through. Millions of pounds are lost to fraud, both on the side of the banks and for individuals; and every time a customer is swindled, its a race against time for the banks to get the money back. 

With 3D Secure card payments, banks accept a certain amount of liability - if they let the purchase go through, and it turns out to be someone on the other side of the world stockpiling kitchen gadgets, they're likely to give you the money back. But banks are trying to make everything more secure, so even the most sophisticated hackers will have to admit defeat. 

Which brings us to Strong Customer Authentication!

Strong Customer Authentication is a new way for banks to check that waffle maker purchase is legitimate. Don't be fooled by its really boring name - it's a significant change for both individuals and businesses. And from September 14th, 2019, it will be mandatory for online payments if your bank and the business’s payment provider are both in the European Economic Area (EEA). 

For individuals, it means that when you try to buy your train tickets or kitchen gadgets you'll be asked for two of the following three things: 

1. Something you know

This could be a password or a passphrase, or a security question like, 'What is your mother's maiden name?', 'What is the first album you bought?' or 'Which animal do you have tattooed on your lower back?'. It can't be any information that's on your card - not the card number, not the CVV code, nothing that a fraudster could have access to. 

2. Something you have

This can be a hardware token (a physical device that can be used in the place of a password) or a mobile phone. 

3. Something you are

This has to be a biometric - so a fingerprint, facial recognition or an iris scan. If you use ApplePay you'll already be familiar with this. We may not be flying to work on our high tech hover boards, but at least we can now buy a waffle maker with our face. 

Something you know, something you have and something you are may sound like a weirdly intense riddle, but banks and businesses alike are hoping that this is going to make every online payment you make even more secure. Which is only going to be a good thing.

I take payments online! How am I supposed to verify a customer's fingerprints?

Don't worry, nobody is asking you to start scanning your customers' irises. If you take electronic payments, the first thing you need to do is check how your payment processor (WorldPay, SagePay, Stripe etc.) is going to handle this transition. Stripe, for example, is going to move everyone currently using 3D Secure to 3D Secure 2, which means they'll be handling all of the authentication. 

If you're not sure who your payment processor is, speak to your IT support team. They should be able to get in touch with your payment processor and figure out what the plan is for processing payments when September 14th rolls around. 

But we're leaving the EU in March...so is this even going to happen?

Strong Customer Authentication is an EU regulation. However, we must be prepared for this change. The government is currently planning to copy all EU laws into UK law, and this may be true of laws introduced after we leave the EU. Additionally, if you're selling anything to customers in Europe, you'll have to abide by these laws.

Still confused?

If you're feeling completely out of your depth with all this payment chat, or have no idea who your payment processor is, make sure you have a word with your IT support. They should be able to let you know what to do next, and how to prepare for the upcoming changes. Ultimately, Strong Customer Authentication is going to be beneficial to both businesses and consumers from a security perspective, even if it means we have to scan our irises from time to time.

Tweet us @TranscenditUK


The Transcendit Way

Transcendit understand that when you choose to work with us, whether we're taking care of your IT, app or web development, you're trusting us with part of your business. So whether we're looking after your computers, phone systems or servers we always do things 'the Transcendit way'.

The whole of our team adhere to the same values, beliefs and policies - the principles that were written when Transcendit first formed in 2000. Whether you come to us for cloud services or recovery backup you can be confident that you'll always receive the same excellent service.

The Transcendit way outlines how we do business; following the same straightforward principles with every client and customer, regardless of how big or small they may be.

That means we get to know you and your business. We offer you a friendly, professional and efficient service, and we'll always be honest with you.
We understand that not everybody speaks fluent IT, so we try to explain things in a way that is simple and clear. We always spend as much time as is necessary explaining things to you.
If you need to talk to us about something, no matter how insignificant, we are only ever a phone call away – and we’re never too busy to make you a cup of tea and have a sit down with you in person.
We understand how frustrating it can be when things are late. When we schedule an appointment with you, we are there when you’re expecting us. If something prevents us from getting there, we always call you in advance to let you know.
Sometimes things can go wrong, but we never lie to you or try to cover something up. If things go askew we tell you what’s happened and how we plan to prevent it affecting your business.
We want you to continuously benefit from working with us. We regularly discuss your business and make suggestions for improving systems and processes wherever we can – but we never try to push you into a purchase.
When we quote a fixed price, that's always the amount we charge – you won’t find any nasty surprises on a bill from us. If you are paying by time and materials, we inform you if our approximations could change.
We understand the importance of privacy for your business and your customers. We respect the confidentiality of your data, and we will never pass on your information to third parties.
We appreciate it when you take the time to give us feedback. A system called CustomerSure records our client's responses, so you can trust that our reviews are from real people.
Find out what they're saying here.
SIRIUS use Transcendit for our IT needs. They are proactive, high quality, charge fairly and are a pleasure to work with. Shkun Chadda

Based on 12075 reviews our customers rate us 9.8/10. Reviews and ratings by Customersure. 09-October-2024

Transcendit are proud sponsors of CHUF, the Children's Heart Unit Fund.

Transcendit is a Living Wage employer
Transcendit is a Microsoft Gold certified partner
VMWARE partner
Vipre partner
IPCortex partner
WithSecure partner
DELL partner
Barracuda partner
Veeam partner
N-Able partner