You are here: 

Important step for strengthening of security of online payments: Strong Customer Authentication compulsory from today for e-Commerce card payments

Release Date: |

With effect from today, 15 March 2021, strong customer authentication (“two-factor authentication”) is also required by law for card payments in the field of e-commerce. The deadline extension for the introduction of strong customer authentication that was granted by the supervisor to allow better preparation in this areas has now expired. When accessing a payment account online, making electronic credit transfers, or in the case of “Point of Sale” payments strong customer authentication has already applied throughout Europe since 14 September 2019. In the case of payments in the field of e-commerce (using credit cards or debit cards) strong customer authentication is required to be conducted on a mandatory basis, in the case that a statutory exception is not applicable.
Strong customer authentication is intended to contribute towards the prevention of fraud in payment transactions as far as possible. It means that the identity of a person making a payment is to be verified using at least two out of a total of three factors. These elements are:

  • Knowledge – something that only the person making the payment knows, such as a password
  • Possession – something only the person making the payment possesses, such as a card that is read by a card reader or a mobile phone, on which a one-time password (TAN Code) is received
  • Inherence – something that only the person making the payment is, such as a fingerprint or a facial scan

Strong customer authentication is defined in the Payment Services Directive II (PSD II) that entered into force on 13. Janunary 2016, and which was transposed into national law – with transitional periods – on 01 June 2018 by the Payment Services Act 2018 (ZaDiG 2018; Zahlungsdienstegesetz 2018). Originally undertakings had until 14 September 2019 to migrate to strong customer authentication.

Further information about strong customer authentication can be found on the following link.

Journalists may address further enquiries to:

Klaus Grubelnik (FMA Media Spokesperson)
+43 / (0)1 / 24959-6006
+43 / (0) 676 / 88 249 516