Have you been asked by your bank recently to input a one-time passcode in order to complete an online transaction? It seems more and more of us have, as lenders and credit card companies gradually start to roll out new measures to reduce card fraud known as Strong Customer Authentication (SCA). On Monday, John Lewis alerted customers to potential changes they might see when making payments in its stores or via its website. A number of banks and credit card providers - as well as the likes of Apple and payments solution provider Stripe - have also published advice. What is Strong Customer Authentication?

SCA originates from an EU directive designed to reduce payment card fraud across the continent. Banks and retailers had been expected to introduce the measures on 14 September, when the law will officially change, but many were not ready. Instead the Financial Conduct Authority has effectively delayed it, saying it won't enforce the law until March 2021.
However, it still expects providers to introduce the measures in a staggered approach over the next 18 months - although when you start noticing changes will depend on who you bank with and where you shop. An estimated 671m was lost to fraud on UK payment cards in 2018, a 19% increase on the previous year. How will it work?

Under SCA, if an online shopper spends more than about 28 in one transaction, payment providers will be required to ask for an extra form of verification. This will usually be sent by your bank as a one-time password by text to a mobile phone. Alternative forms of verification could include a thumbprint on a smartphone or voice recognition. Shoppers will also see changes in stores: for example, you may find yourself occasionally being asked to enter your pin number when making either a contactless payment or using a mobile wallet. Why was it delayed?

Retailers and banks lobbied the government saying the 14 September start date was unrealistic. According to the British Retail Consortium, the fact providers would not have been ready would have created "significant disruption to online payments".

Source: