Monetary|Someone else’s bank and credit card can be used to make small purchases easily – why don’t banks require strong identification for all online purchases?
Small ones paying for purchases with a card is easy – just a quick glance at the checkout and the job is done. Few think that simplicity has its flip side.
If you’re unlucky, you don’t even have to steal the card to use it. If the card is used for online purchases or applications of up to 30 euros, it is enough for the thief to know the card number and the CVC code on the back.
This is due to an EU directive.
“Strong identification is not mandatory for online payments of less than 30 euros in accordance with the payment services directive that entered into force in 2019,” says Danske Bank’s director of day-to-day services Heli Pieninkeroinen by e-mail.
In practice, strong identification is almost never required for individual small purchases. However, the thief’s opportunities are limited by the fact that you cannot make very many low-value payment transactions in a row.
“The regulation enables consecutive purchases either totaling a maximum of 100 euros or 5 purchases so that the customer is not strongly identified in between,” says OP Financial Group’s director responsible for card business Teemu Korte in an email message.
Not at all big banks do not offer payment cards where strong identification is always required for all online or app purchases.
“There has been no need for that. We have very few cases under investigation where the card was misused in this way,” says Nordea’s director of card business Olli Penttinen.
According to Penttinen, everyone has an option where the use of the card in online or app stores can be completely prohibited.
“The ban can be turned on or off in online or mobile banking. Some people allow, for example, online shopping only when they buy something and then they turn it off.”
There is there are other exceptions where online shopping can be successful without strong identification. Such are, for example, recurring payment transactions, such as monthly subscriptions to streaming services, where strong identification of the customer is only done in connection with the first payment transaction.
It may come as a surprise to the customer that the streaming service continues automatically if they do not remember to cancel it separately.
Background billing would be impossible if the service asked for confirmation every time. Could a bank still build such a product?
At least, according to Penttinen, Nordea’s service does not offer such a thing yet.
If money has been taken from your account without permission, you should close the card as soon as possible and report the matter to the police.
After this, you can file a complaint with the bank. A criminal complaint must be attached to the complaint. How much the bank compensates for the lost money is case-specific.
“It depends, for example, on whether the bank considers that the unauthorized use of the card was due to the cardholder’s own carelessness or whether the card information was otherwise obtained.”
Penttinen reminds that you should never leave your card lying on the table, for example, where anyone can take a picture of it.
“The old familiar advice applies here: Keep the card safe and don’t show its information to anyone.”
#Money #Payment #cards #sneaky #loophole #secretly #withdraw #money #account
