By Mark Fairlie.

A new EU regulation called “Payment Services Directive 2” (PSD2) may lead to consumers living in areas with poor mobile reception facing increased difficulties making online purchases, according to James Daley, the managing director of research and ratings agency, Fairer Finance.

Under the new system, an extra layer of security will soon be added when consumers make qualifying purchases online. Consumers will receive a one-time password to enter into the payment system of an internet-based retailer to complete a purchase.

Speaking to BBC News, Mr Daley stated that this is another example of banks being poor at looking after the interest of consumers living “on the margin”, citing customers living with disabilities or those living in remote areas.

“Strong customer authentication”

PSD2 requires banks and other financial institutions to introduce and roll-out a principle of “strong customer authentication” to prevent fraudulent transactions on people’s account.

Consumers will, in many cases, need to provide additional verification if they spend £90 or more on a particular card or if they make five separate payments of £27 or more on the same card. However, an online retailer will not be required to ask for additional verification if they consider the transaction as low risk.

Poor mobile reception

Fears of digital divide in online shopping

Although most mobile phone networks have a population coverage of 99% or more, their actual coverage of the landmass of the UK is significantly lower. This has led to worries that those living in poor mobile phone reception areas will be on the wrong side of a digital divide when compared to their fellow citizens who live in more populated areas.

For these customers and for customers who don’t have a mobile phone, financial trade body UK Finance has told its members that they need to offer customers other ways to verify their details when ordering online.

The Mirror reports that some of the other ways being considered for consumers to verify their data include calling them on a registered landline and through the use of biometric data.

Speaking to the Sun, a spokesperson for UK Finance stated that

“These changes are aimed at further enhancing payment security and reducing fraud. The requirements will include exemptions for low-risk and low-value transactions to help prevent any unnecessary inconvenience for customers”.

The BBC reports that First Direct, part of HSBC, has already begun to send its customer’s authentication messages. When asked about what customers who are unable to use this method should do, they said that

“we do have alternative processes for customers…and they may be required to call us to authenticate”.

Strong customer authentication – industry worries

In an opinion editorial piece on the Security Boulevard site, concerns about how to balance the needs of consumers, the needs of merchants, and the need for security surround the new PSD2 legislation.

Comparing the situation to the Goldilocks fairy tale,

“banks are faced with a reality of needing to find a solution that’s just right…and they don’t get multiple ‘tries’ like to get it right, especially as Fintechs and Neobanks start to emerge.”