PSD2 Directive

More peace of mind, more security

PSD2: The new EU payment directive ensures enhanced security when you carry out transactions with your accounts, make internet payments, shop online or use financial data aggregation services.

SCA (Strong Customer Authentication)

Two-factor authentication: the new verification system requires the combined use of two authentication mechanisms for online transactions with your account and cards as well as all internet payments.

How does two-factor authentication work?

Online transactions with your account

The new PSD2 directive introduces two-factor authentication for all transactions that involve activity in a current account. At Bankinter, as you have probably noticed, these two factors are:

  • Your login password

  • Confirmation through a code sent by text message or email.

Face-to-face payments with your card

When you pay by card in stores, i.e. face-to-face, you will need to enter your PIN. However, as you know, there are some exceptions.

Card payments where you don't need to enter your PIN:

  • Contactless purchases in Spain under €20, although this has been temporarily increased to €50 to facilitate the hygiene measures introduced in the wake of the health crisis. You will also need to enter it if you have made several purchases in a row that exceed €150.

  • Unmanned car parks and transport modes.

  • Purchases by mail order or telephone order (MO/TO).

Online payments with your card

When you have shopped online in the past, the authentication process was via your card information (holder, card number, expiry date, CVV number) and a verification code sent to you by text message. From now on, a new system will be phased in whereby banks and e-merchants will be required to request two of the following three authentication factors stipulated in the directive:

  • Something you know, such as your PIN or password

  • Something you have, such as your card, your phone or mobile, digital certificate, national ID card, etc.

  • Something you are, such as your fingerprint, voice or iris.

For Bankinter cards

For Bankinter cards, the two factors are as follows:

  1. Your card PIN (something you know)
  2. Confirmation with a one-time password (OTP) that we send by text message to your phone (something you have).

Biometric authentication will be available in the future and we'll keep you informed about this development.

Adaptation for merchants

Compulsory adaptation to the two-factor authentication or strong customer authentication (SCA) system for online purchases is underway. Depending on your merchant type and virtual platform, you may need to make certain adjustments to comply with the requirements. 

Merchants with terminals on Redsys platforms

If you still have a Virtual POS with non-secure e-commerce, you need to adapt your terminal to the relevant 3DS protocol. We'll tell you when the PSD2 directive enters into force for e-commerce and we'll adapt your terminal so you don't have to worry about it and can comply with the new directive.

Merchants with terminals on their own platform

If this is your case, please remember that although there is a deadline to give all participants time to adapt their systems to the new directive, you need to check with your service provider and make the necessary adjustments to your platforms so that they function securely and in line with the new directive.

Transactions that don't require SCA

Certain transactions are excluded from the scope of the PSD2 directive:

  • Payments initiated by the merchant without customer participation, such as recurring subscription payments.

  • Mail order or telephone order payments (MO/TO).

  • Non-payment transactions, such as card validation for €0.

  • Merchant or card transactions outside the EU.