New Online Buying Rules

[Bob WilsonParticipant @bobwilson59101]

[Bob WilsonParticipant @bobwilson59101]

I see that later this year the EEC will be forcing authentification codes on us if we purchase anything online, with a special code for every purchase. These will have to be obtained via texting on a smart phone. Incredibly inconvenient if one doesn't have a mobile. We have no intention of spending hundreds on a smart phone for the privilege of online buying. How many of you don't have a mobile, but still purchase online? Not many, I suppose. Can't think of any solution to this.

Bob

[Ray Wood 3Participant @raywood3]

Hi Bob,

That's an easy one , don't buy on line ! Simple really 😀

Regards Ray

[Colin BishopModerator @colinbishop34627]

I think it is a bit more complex than that Bob, can depend on the value of the purchase and who you are buying from but yes, it does look as if there will be more use of authentication codes to combat fraud.

If I log on to HMRC then they send me an authentication code to my mobile before I can access my tax details and as I have a 'smartphone' I am comfortable with that if it makes things more secure. There are a lot of people out there just waiting to grab your details and money. It's just the world we now live in. However it is still often possible to phone the supplier and give them your card details and that works for a lot of people.

I know many people, particularly older ones, don't have smartphones and that is certainly a problem for a significant minority of the population. It will become less so as the years roll on…

I do find my smartphone immensely useful in lots of ways. For example, this morning I was walking on the South Downs and received an urgent update of a family health situation.

A friend of mine resolutely refuses to embrace 'new technology' on principle although she would be perfectly capable of coping with it. Whilst admiring her attitude I can't fail to notice that she is making her life incredibly more frustrating than it need be in all sorts of ways and ultimately she is in a losing situation.

We have to accommodate this sort of thing otherwise we would still be using gas lamps for lighting and driving horse and buggies instead of cars. We can still pick and choose though. My smartphone has loads of 'apps ' on it and I need virtually none of them. It is just another tool, like my PC.

Colin

Edited By Colin Bishop on 23/04/2019 22:34:51

[Dave MilbournParticipant @davemilbourn48782]

Bob

Where exactly did you obtain this nugget of information, and what is the EEC? And no – I don't have a Smartphone and I'm unlikely to buy one.

Dave M

[Colin BishopModerator @colinbishop34627]

It was announced last year Dave, just Google EU two part authentication.

Colin

 

Edited By Colin Bishop on 23/04/2019 22:57:17

[Bob WilsonParticipant @bobwilson59101]

Thanks for replies. Not buying online is not an easy solution. A large number of items are only available to me online. Even if you phone your order in, they will still require the authentification code that you have to get via the mobile. Lots of people live in the country where there is no mobile signal, and if too old to drive, get their food and other supplies online. The authentification code that can only be obtained via the mobile. These nuggets of information came direct to us from two banks. Being wary of a scam, I contacted the banks direct and was told it is an EEC directive and will come into force in September this year. I can see even more fraud. I am continually amazed at how people get taken in my phone scams as it is. They will now have scammers phoning up saying they can supply authentification codes without any problem – just give us your bank details And you will see the papers filling up with people saying how intelligent they are, but really fell for it. Apart from anything else, why should we have to pay to get an authentification code? If it is really necessary, why can't they be obtained via a normal land line or e-mail? Progress in many things is just dedicated to "improving" things, by making it more difficult than it was before. This just about sums up the way I feel about everything these days:

Life at best is but an enigma, and like children pursuing a "Will O' The Wisp,"so do we all pursue the illusive beacon light of a brighter and happier to-morrow – always hoping, never attaining, though striving ever until, wearied of the vain pursuit, at last we fall by the wayside and are forgotten.

Charles Clark Munn (1847 – 1917)

It will be intersting to see what happens!

Edited By Bob Wilson on 24/04/2019 08:40:14

[Empire ParkstoneParticipant @empireparkstone]

Retailers expect that users will have to confirm their identity every five times they use contactless from September 2019. Mastercard and several UK banks are currently testing cards with inbuilt fingerprint scanners to help verify customer IDs. With retailers keen to maintain frictionless consumption, many retailers are likely to adopt biometric technology as you can’t forget your fingerprint at the till.

[Dave MilbournParticipant @davemilbourn48782]

I shall have to research the ability of my Samsung 1100E to receive texts. It was purchased new around ten years ago (maybe more) for about seven quid and lives in the glovebox of my car. I'm certainly not prepared to update to an expensive idiot box. I'm with Bob on that one…….but it's now called the EU, Bob.

DM

Edited By Dave Milbourn on 24/04/2019 08:45:44

[Charles OatesParticipant @charlesoates31738]

Speaking for myself, I have no problem with added security for online buying and banking, in fact I welcome it. It's also worth noting that this EU regulation is part of a worldwide drive to improve the safety of consumers.

Although I love my smartphone, ( which wasn't expensive), I completely understand that some others don't feel the same way. Most financial institutions also understand this and are taking measures to assist them. For example, the Halifax will be offering a phone call to a landline as a substitute for the texted pass code. A little bit of a nuisance? Maybe it is but as long as there are fraudsters out there It's worth it.

Chas

[ashley needhamParticipant @ashleyneedham69188]

A non_smartphone able to receive texts costs very little, and even if you don’t want to use it constantly it is a valuable lifeline in emergencies.

several banking things I do need to be authenticated with a code texted to my phone, but it is very easy. Note that it does not cost you to receive a text…

Ashley (dumb phone user)

[Bob WilsonParticipant @bobwilson59101]

Thanks Chas, it is good to know about the Halifax being able to provide a landline service. I can absolutely gurantee that the fraudsters will have a field day with this directive when it come out and it will be easier than ever for fraudsters to scam people. A fair number of my friends live in areas where there are NO MOBILE SIGNALS, due to their remoteness – so what are they expected to do. I may be giving you the impression that I am a bit of a dinasaur in such things, but this is not the case. A number of years ago, I threw in a senior position in marine electronics and communications because I was sick and tired of the electronics "rat race" that showed signs of engulfing and trampling everything in its path. But I have kept up to date with computer operation, online buying and selling, but I will not be forced into a mobile phone addiction.

Bob

https://youtu.be/pFIheTaTGz4

Edited By Bob Wilson on 24/04/2019 09:15:09

[Tim CooperParticipant @timcooper90034]

Bob

The EMail I have had from my Building Society on the above said that they were setting up an authentication system and purchases might have to be authenticated but not every time.

Tim

[Colin BishopModerator @colinbishop34627]

My phone allows me to keep an eye on you lot even when I am sunning myself in a Greek taverna with a glass of wine in front of me….

Of course I have to get there first which can entail virtually undressing at airport security which is another cross many people now have to bear in the fight against those who are determined to rob or kill us all.

Colin

[Dave MilbournParticipant @davemilbourn48782]

Coincidentally I've been made aware earlier this week of our bank's new One Time Password policy, which allegedly started in February – although I've not fallen foul of it to date. In order to set up a mobile phone number on my account I will have to telephone their Digital Team who, naturally, will ask me some security questions. On past experience, these will include such instantly memorable items as how many standing orders I have on my account; which one of the following three transactions did not appear on my account within the last three months, and what's the exact amount I pay to the local authority every month for my council tax. If I show any hesitation in replying – as though I'm desperately scrabbling through my bank statements for the answers – then I'll fail the test. We spent over 45 minutes on the phone to the bank when simply trying to notify a change of address when we moved house. Paypal will make a killing from this new regulation, no doubt, and guess who'll pay the extra cost to cover their commission?

Cynical? Moi??? Isn't it ironic that fraudsters seem to have so much less trouble in accessing my bank account than I do?

Liked the short film, Bob!

DM

[Bob WilsonParticipant @bobwilson59101]

Dave,

Know what you mean about the security questions. I got the place where we spent our honeymoon wrong, although neither of us have been married before. I could hardly have forgotten as it was a round voyage to South Africa on my ship! I also got the first foreign country I ever visited wrong. I couldn't remember a bank transaction I made on a certain day several months before. So gave up. My wife also got all her security questions wrong as well!

Bob

[Dave MilbournParticipant @davemilbourn48782]

I think I've found the answer to our little conundrum…

Ta-DAH!!

[Colin BishopModerator @colinbishop34627]

Scammers access people's bank accounts because people let them in by giving away too much personal information, often on social media which makes it easy for scammers to impersonate their banks and dupe them. Older people can become confused of course and are not up to date with the warnings. Banks are currently on the back foot as they have for too long swept all this under the carpet either by making customers to blame or absorbing losses and recouping them from higher charges. They have also not adderessed the issue that scammers can empty customer accounts without being challenged and appear to have a string of legitimate accounts in which to cycle the proceeds – how do they manage to set up these accounts which large sums just pass through and disappear without trace?

Another factor is people's greed. There was a story in yesterday's paper to the effect that someone had put his wife's savings of £36k into an investment company which has now failed from financial chicanery. He made the investment because it was paying 8% when the average rate is under 2%. His greed got the better of his commonsense.

Quite agree with you regarding dealing with bank security questions and trying to identify yourself over the phone Bob. Believe me it's ten times words if you are deaf and they won't speak to your wife even if you have a joint account! They have closed my local branch so if I need to sort out anything out of th ordinary I now trek into the nearest town 12 miles away armed with passport and various standard means of identification and insist that they sort it out. It's a nuisance but it usually works.

Colin

[Bob WilsonParticipant @bobwilson59101]

We don't even have passports now, and my wife does not have a driving license. However if I pick up a parking ticket, no-one ever asks me to prove who I am! But it is now too dificult to go in town by car anyway because they have pedestrionised most of it and are in the process of demolishing the car park. The few useable roads now have a one-way system that is as awkward as possible and doubles the journey length via the most inconvenient routes!

[BanjomanParticipant @banjoman]

This may perhaps sound like nitpicking, but to be quite correct, neither the

Directive (EU) 2015/2366 […] of 25 November 2015 on payment services in the internal market […], already in force since early 2018 (**LINK**),

nor the follow-up

Commission Delegated Regulation (EU) 2018/389 of 27 November 2017 supplementing Directive (EU) 2015/2366 […] with regard to regulatory technical standards for strong customer authentication […], which comes into force on September 14th this year (**LINK** — see p. 23 ff), and will be what Bob referred to in his initial post

actually obliges anyone to use any specific technical solution, such as one-time codes sent to a mobile phone, for two-factor authentication.

What will indeed be required for many (or even most, although there are some exceptions) electronic payment transactions as of this September is what the directive calls strong customer authentication. This is defined as

"an authentication based on the use of two or more elements categorised as knowledge (something only the user knows), possession (something only the user possesses) and inherence (something the user is) that are independent, in that the breach of one does not compromise the reliability of the others, and is designed in such a way as to protect the confidentiality of the authentication data".

For my part, it is already the case that in most instances when I want to pay for something online with my credit card (issued by my bank here in Belgium), at the final stage of the payment process I am redirected to a page (managed, I think, by the banks and/or the various payment and or card providers, but that doesn't really matter), where I have to type in a one-time code that I generate with my credit card and the bank-issued card reader that I also use whenever I log on to the on-line banking services of my bank. No mobile phone is involved at any stage.

However, it is indeed the case that when I use another card, which I have from a different source, I will usually receive a text message to my mobile with a one-time code to authenticate the transaction.

This difference is entirely down to choices made by those who have issued the different cards, and only down to the directive in the sense that they both fulfill the requirement for strong customer authentication by combining at least two elements as defined above.

Likewise, I have myself opted to activate two-factor authentication via text message whenever I log on to my PayPal account, for added security.

It may thus well be, Bob, that the two banks that have communicated with you will actually demand that their customers are able to receive text messages in order to carry out on-line payments, but if so (and obviously I have no idea whether that is really the case, or if there will be alternatives available) that will be because of choices made by those banks, and not because the directive told them that that was how they had to do it.

The technical nitty-gritty and details on solutions are currently being trashed out by several working groups under the aegis of the European Bank Authority (see **LINK**).

That said, I personally think that while the intentions of the directive and what flows from it are on the whole good, and should pose few if any problems for a very large group of people (myself included), as in so many other instances not enough attention has been given in the implementation to workable alternatives for those who, for whatever valid reasons, really cannot (or can only with great difficulty) make use of the mainstream solutions on offer. If a person decides to be a stick-in-the-mud, he or she should perhaps not complain too hard if eventually s/he ends up with rather muddy feet and little change of view, but it is alas the case that market forces (outdated methods, alternative procedures and/or back-up options used by comparatively few are of course more expensive per use to develop and maintain than mainstream solutions) are ever too likely to make a stringent cost/benefit analysis to the detriment of those in a weak bargaining situation.

Mattias

[Bob WilsonParticipant @bobwilson59101]

One of the banks I use does come with a small card reader that I get two four-figure codes from whenever I access internet banking, so maybe that will be used to get codes for online buying. If that is the case, no problem as I quite like the card reader. But all these extra things, although they may not appear much individually, all add up to a considerable number of codes and passwords that one is expected to remember. How many more small electronic devices will they eventually expect us to purchase in order to even survive? Even working a modern TV set required quite a lot of skill in learning the system. Then if it breaks down, you can't just get another, because it has been superseded by something even more complicated and you have to learn it all again. Most of this electronic "junk" is totally unnecessary. If I want to open my car door, I can't see how a radio-controlled key is more secure than sticking a normal key in the lock and turning it. Or winding the window down with a handle rather than via an expensive electric motor. I can keep up with all these things, trouble is – I don't want to! For all the modern "progress" it is virtually impossible to even transport a ship model via courier without it getting busted. Leaving the rat race in 1992 was one of my best decisions,

Bob

[Dave MilbournParticipant @davemilbourn48782]

Mattias

I would not disagree with anything which either you or Colin has said. Of course it makes sense to add some extra security measures if the banks find that they are a) having to pay out a lot of money to compensate for customers' silliness in disclosing secure information, or b) contravening EU law by not doing so. My point – and I'm sure that Bob would agree – is that some banks have decided that it will be Method A and only that, so if you can't or won't comply then you can't buy stuff on-line, at least through their system.

Guess what? We have three current accounts and several ISAs with that bank (yeah – I know it's more than the £80K safe limit) but we can easily switch to a bank that offers a choice of one-time-only verification methods. Just watch me.

Olé!

[Bob WilsonParticipant @bobwilson59101]

I am now discovering that some banks will supply the numbers via normal landlines. What is more alarming is the pending introduction of Open Banking, where all your account details and are shared by an independent body (government-approved of course). This is another EEC thing and will at first be optional, but you know what that means. All Big Brother stuff!

[Tim CooperParticipant @timcooper90034]

Dave

I had a similar problem with my credit card security questions, they wanted info off the last credit card bill but when I said I will ask my wife, I was told I had failed security. I wasn't allowed to try again, not sure why I had set up all those known questions – mums maiden name ,memorable place etc. On ringing them again the next day and still having trouble having failed security once. On complaining they got another team to ring me back late afternoon; as I sat having a coffee at Heathrow waiting to board plane to Malaysia for a family wedding, after a heated discussion he told me he was cancelling my card and sending me a new one. When I asked what do I use for the next 2 weeks he said , Have you got one with another company ?

Luckily I had.

Tim

[Dave MilbournParticipant @davemilbourn48782]

I had an identical experience when I asked Liz to look up a statement while I was on the phone to SECURITY. In a later incident, she was torn off a strip by SECURITY for quoting my personal on-line security number instead of her own. I think they must employ ex-Credit Controllers as call-centre operators – you know – the ones who had the most complaints about them! The one we spoke to when changing address seemed to have been recruited by the Stasi and trained by the Inland Revenue.

Wasn't by any chance a Spanish bank, was it, Tim?

[Author]

Posts