The snappily named SCA and why it doesn’t matter (for 18 months)

You might have heard about a new scheme that was coming in that would affect how you use your credit card when you shop online.  (The official names is “Strong Customer Authentication” – snappy, eh?  It also went under the name of “Payment Services Directive 2” – equally catchy.)  

The idea was to make it harder for criminals to use your credit card to buy things online – definitely a worthy aim!  It was designed to replace things like “Verified by Visa” and “Mastercard Secure”

But if you were like me, you were left scratching your head about some of the information you’d been sent by your bank – it wasn’t clear exactly how it’d work.

Not helped by much of the information sent out by banks and card companies being, well, pretty unclear. They often told you they needed to make sure they had your up to date details but not how it would work. 

Well, the scheme has been put off for 18 months, so for now at least you don’t have to worry about it.

But they still plan to bring it in – just not for a while.  I’m hoping they use the time to sort out some of the issues… but who knows?

In a nutshell the idea was that when you buy something online with a credit card or debit card, they would send you a text message with a number in and before you could finish buying whatever it was you’d have to type that number in.

Of course if you’re using a smartphone to buy things and the number they text comes to the same phone, it doesn’t really add much security, but I’d always recommend having some kind of security on your smartphone – like a code you type in when you turn it on, so if it’s lost, other people can’t use it.

(There were some possible alternatives – you might be able to use a thumbprint to prove it’s you, or even voice recognition but texting you a number was the main method.)

You might think “But I don’t use my debit or credit card online directly – I use PayPal or Amazon” (or some other system).  But they usually only act as a sort of middleman, taking the money from your credit or debit card. It can be a good idea, because you don’t need to keep typing in your card details and only one company that you (hopefully!) trust has the card details – but it doesn’t get around your card being billed online.

The most obvious issue to me is what if you don’t have a mobile phone? They couldn’t text you then!  They did say in that case you would get a call on your landline (fine as long as you’re not deaf) but if you have a desktop PC and your landline isn’t next to your PC it’s not ideal to have to run down the hall, answer the phone, remember the four digit number and run back to type it in.

It certainly makes it harder to secretly buy birthday presents for the other half, too!

But that wasn’t the only issue.  What if you have a mobile phone but the signal in your home is poor – I have a friend who only gets signal when she’s away from home.  Would she have to drive a mile down the road to get the code, drive back, then type it in?

To be fair, they did plan to have a limit below which you didn’t always need to type in the code – below £28.  Even that was a little vague – as sometimes you might still get asked to type in a code.

They hadn’t really thought through what to do about “one click ordering” – a system Amazon and some other companies have where you can buy a book with one click and it automatically uses your main card to bill you.

What to do about “subscription” payments wasn’t clear, either – if someone subscribes to something, say weekly, does only the first payment count or are the later, automatic ones “online” as well?

Anyway, the FCA are “relaxing” the deadline (as they call it) by 18 months.  They say that for it to be relaxed, the bank or credit card company need to show they are “taking steps towards complying” – I assume this just means working out how they’re going to make it all work.  Hopefully by the time 18 months roll round it’ll have been thought through a bit more.

I’m not against the idea behind it – stopping people being able to use your card details to buy things online is obviously a good idea!  But hopefully by the time it comes in they’ll have made it all work a little more smoothly. Let’s hope!