Maximum security

By Audrey Somnard Switch to French for original article

Banks have been tightening the security of internet payments since 1st of January, an obligation of the European Union to reduce fraud.

Online shopping exploded in 2020, “thanks” to the pandemic. For lack of access to shops, or to avoid leaving the house unnecessarily, online shopping has become a reflex for an even larger population than before the lockdown periods. Habits that have been established and that will not change in the future. At the same time, frauds and other online payment scams have also followed this trend.

To address this increased risk, the European Union imposes, in its ‘PSD2’ regulation which came into force in 2019, a series of measures to better protect consumers. PSD2 is a barbaric, highly technical acronym, but one that affects our daily lives in a concrete way. This new regulation allows customers to keep control of their data, but to be able to use third-party companies to manage their bank accounts, for example. This same PSD2 obliges banks to reinforce authentication for online payments since 1 January, after an extension of almost a year. SCA, another acronym, which stands for “Strong customer authentication”. Until then, when making an online payment, most banks used to send a text message with a password to smartphones, called OTP. Once the few numbers were entered, the payment was validated by the customer.

The PSD2 regulation requires these controls to be reinforced, with two out of three authentications now becoming compulsory: something you know (such as a password), something you own (a mobile phone, a token) or a biometric identifier (fingerprint, iris scan). While it is “easy” for fraudsters to obtain a credit card number or password, it is more difficult to possess a user's token, smartphone or biometric data.

500,000 token in circulation

In Luxembourg, the reference operator is Luxtrust. The latter has been supplying tokens to customers of major retail banks for almost ten years. Today, some 500,000 active user tokens are in circulation in Luxembourg, for 70 million transactions each year, which represents a 15 to 20% increase in authentication requests for payments. Initially used to access web banking, tokens are now being used for this enhanced authentication. In concrete terms, banks are now asking to use their token to validate any payment, in addition to the password or fingerprint, for example.

You want more? Get access now.

  • One-year subscription

  • Monthly subscription

  • Zukunftsabo for subscribers under the age of 26


Maximum security


Already have an account?

Log in