In the latest edition of its “Let’s talk about money” consumer information series, the Austrian Financial Market Authority (FMA) informs about how consumers are able to make online payments safely using strong customer authentication, as well as what precautionary measures should be observed when making payments over the Internet.
Safe online payments using strong customer authentication
Strong customer authentication means that the identity of a person making a payment is verified using at least two out of a total of three factors. These factors are:
- Knowledge – something that only the person making the payment knows, such as a password
- Possession – something only the person making the payment possesses, such as a card that is read by a card reader or a mobile phone, on which a one-time password (TAN Code) is received
- Inherence – something that only the person making the payment is, such as a fingerprint or a facial scan
By combining these security factors strong customer authentication contributes to preventing payment fraud – for example a card payment for online retail can only be made using a password and a code that is received via a mobile phone. This way the factors of knowledge (password) and possession (mobile phone) are fulfilled.
Handle sensitive data with care
The FMA generally urgently recommends that sensitive data – like passwords, PIN codes and credit card details – should always be kept secret, and should not under any circumstances be divulged over the telephone or by e-mail. Trusted devices and secure, encrypted connections should always be used when making online payments.
Reversal of online payments
Under certain circumstance, payments that already been made may be reversed, whether and how depends on whether a credit transfer was made, a credit card charged or a SEPA direct debit made.
Further information can be found at:
Journalists may address further enquiries to: