We use first and third-party cookies for analytical and statistical purposes and to show you personalised advertisements based on a profile compiled from your browsing habits (e.g. pages visited). For more information, click on our Cookie Policy. You can accept all cookies by pressing 'Accept' or personalise your choice by clicking on MANAGE OR REJECT COOKIES.
PSD2 Directive
More peace of mind, more security
PSD2: The new EU payment directive ensures enhanced security when you carry out transactions with your accounts, make internet payments, shop online or use financial data aggregation services.

SCA (Strong Customer Authentication)
Two-factor authentication: the new verification system requires the combined use of two authentication mechanisms for online transactions with your account and cards as well as all internet payments.How does two-factor authentication work?
A new process for greater security
With the new form of authentication, whether you're making your purchase through your computer or tablet, you'll always need your phone at hand to be able to complete payment. Don't worry because the process is simple and we'll guide you through it step by step.
This is how it works:
-
The first thing to do is the same as usual: enter your card details on the store website.
-
From now on, you will need your mobile phone to complete payment because you'll receive an SMS with a link directing you to a secure Bankinter page.
-
On the Bankinter secure page, you must enter the unique password that you received simultaneously in the SMS and then enter your card PIN.
-
Done! You can go back to the store website to check the details of your purchase.
Take two minutes to understand what your purchases will be like from now on.
And if your phone has biometric recognition, it will be easier and just as safe.
If your phone has access by fingerprint, retina and iris or facial expression, the process is even easier and faster: when you make a purchase, you'll receive a notification and all you have to do to complete the transaction safely is unlock your phone and confirm the payment on the screen.
How to activate biometric recognition
Download the Bankinter app
If you have already downloaded it, update to the latest version. It's always important to use the latest version of the app, but now more than ever.Activate notifications
Check that you've activated Bankinter notifications. If you haven't, activate them now.Register your phone as a trusted device
For the registration to be effective and allow you to use this method for your online purchases, login via biometric recognition must have been activated for at least 15 days. We explain how to register your phone...This is how to register your phone
- Open “Mobile payments” on the app
- Select “Add this device”
- Sign with the code we send you via SMS.
When you pay by card in stores, i.e. face-to-face, you will need to enter your PIN. However, as you know, there are some exceptions.
Card payments where you don't need to enter your PIN:
-
- Contactless purchases in Spain under €20, although this has been temporarily increased to €50 to facilitate the hygiene measures introduced in the wake of the health crisis. You will also need to enter it if you have made several purchases in row that exceed €150
-
- Unmanned car parks and transport modes.
-
- Purchases by mail order or telephone order (MO/TO).
Compulsory adaptation to the two-factor authentication or strong customer authentication (SCA) system for online purchases is underway. Depending on your merchant type and virtual platform, you may need to make certain adjustments to comply with the requirements.
Merchants with terminals on Redsys platforms
If you still have a Virtual POS with non-secure e-commerce, you need to adapt your terminal to the relevant 3DS protocol. We'll tell you when the PSD2 directive enters into force for e-commerce and we'll adapt your terminal so you don't have to worry about it and can comply with the new directive.
Merchants with terminals on their own platform
If this is your case, please remember that although there is a deadline to give all participants time to adapt their systems to the new directive, you need to check with your service provider and make the necessary adjustments to your platforms so that they function securely and in line with new directive.
Transactions that don't require SCA
Certain transactions are excluded from the scope of the PSD2 directive:
-
- Payments initiated by the merchant without customer participation, such as recurring subscription payments.
-
- Mail order or telephone order payments (MO/TO).
-
- Non-payment transactions, such as card validation for €0.
-
- Merchant or card transactions outside the EU.
Online transactions with your account
The new PSD2 directive introduces two-factor authentication for all transactions that imply activity in a current account. At Bankinter, as you have probably noticed, these two factors are:
-
- Your login password
-
- Confirmation through a code sent by text message or email.