PAYMENT SERVICES DIRECTIVE (PSD2)
What is PSD2?
The second Payment Services Directive or PSD2 is a European law which came into force on 14th September 2019 and which makes it more secure for you to make electronic payments when shopping online or using online banking services.
PSD2 aims to make payments safer, increase consumer protection and continue to foster innovation and competition while maintaining a level playing field for all parties.
PSD2 legislation brought about changes to how you use digital payments channels and shop online by introducing added security rules referred as Strong Customer Authentication (SCA).
What is Strong Customer Authentication (SCA)?
Strong customer authentication is the process that validates the identity of you the user when you log in to access online and mobile banking and for further services such as making payments or changing your address.
Since September 2019 you have been asked for additional security credentials. We also send you notifications to ask you to confirm that you have authorised payments, logged in or wish to make changes to your accounts. We have also implemented additional fraud prevention measures. Our online terms and conditions have been updated to take account of these changes.
How does SCA work?
Since the 14th September 2019 when accessing your account or approving certain actions, you are required to authenticate yourself using two out of three of the following:
- Something only you know e.g. Password or PIN
- Something you have e.g. Mobile Application
- Something you are e.g. Fingerprint or Facial Recognition
When does SCA it come into effect?
It has been effective since 14th September 2019.
Why is this happening?
The second Payment Services Directive (PSD2) came into effect on the 13th January 2018 which contained 12 mandates. One of these mandates covered Strong Customer Authentication, the Regulatory Technical Standards (RTS) which were effective from the 14th September 2019, details how the mandate should be implemented. Accordingly, all account providers, online retailers etc. are required to comply with these Standards.
When is SCA applied?
SCA will be used when you do any of the following actions on your cuOnline account:
- Access your account
- Initiate a payment
- Initiate an action which may imply a risk of payment fraud, such as creating a new payee.
Can I opt out of using SCA?
No, the EU directive is mandatory and all cuOnline users will be required to complete SCA.
What do I need to do?
To make this change easier, check that your mobile phone number and personal details are up to date on your cuOnline profile, or you can call into your local branch.