PSD2 Directive
More peace of mind, more security.
SCA (Strong Customer Authentication).
How does two-factor authentication work?
A new process for greater security
This is how it works:
- The first thing to do is the same as usual: enter your card details on the store website.
- From now on, you'll need your mobile phone to complete payment because you'll receive an SMS with a link directing you to a secure Bankinter page.
- On the Bankinter secure page, you must enter your card PIN.
- Done! You can go back to the store website to check the details of your purchase.
When you pay by card in stores, i.e. face-to-face, you will need to enter your PIN. However, as you know, there are some exceptions.
Card payments where you don't need to enter your PIN:
- Contactless: purchases in Spain under €20, although this has been temporarily increased to €50 to facilitate the hygiene measures introduced in the wake of the health crisis. You will also need to enter it if you have made several purchases in a row that exceed €150.
- Unmanned car parks and transport modes.
- Purchases by mail order or telephone order (MO/TO).
Compulsory adaptation to the two-factor authentication or strong customer authentication (SCA) system for online purchases is underway. Depending on your merchant type and virtual platform, you may need to make certain adjustments to comply with the requirements.
Merchants with terminals on Redsys platforms
If you still have a Virtual POS with non-secure e-commerce, you need to adapt your terminal to the relevant 3DS protocol. We'll tell you when the PSD2 directive enters into force for e-commerce and we'll adapt your terminal so you don't have to worry about it and can comply with the new directive.
Merchants with terminals on their own platform
If this is your case, please remember that although there is a deadline to give all participants time to adapt their systems to the new directive, you need to check with your service provider and make the necessary adjustments to your platforms so that they function securely and in line with the new directive.
Transactions that don't require SCA
Certain transactions are excluded from the scope of the PSD2 directive:
- Payments initiated by the merchant without customer participation, such as recurring subscription payments.
- Mail order or telephone order payments (MO/TO).
- Non-payment transactions, such as card validation for €0.
- Merchant or card transactions outside the EU.
Online transactions with your account
The new PSD2 directive introduces two-factor authentication for all transactions that imply activity in a current account. At Bankinter, as you have probably noticed, these two factors are:
- Your login password
- Confirmation through a code sent by text message or email.
FAQs
What is PSD2?
The Payment Services Directive is a European directive with the main goal of facilitating and improving the security of online payment systems, reinforcing customer protection against fraud and promoting innovation in payment services through smartphones and the internet. It came into force on 14 September 2019.
One of the PSD2 requirements is the implementation of SCA (Strong Customer Authentication), which means that customers have to use more than one signature method. At Bankinter we've chosen OTP as the signature method.
What is the Bankinter OTP signature?
The OTP (One Time Password) signature is a one-time numerical code for a payment transaction in an electronic environment. You will receive it on your phone or by email every time you need to confirm a transaction.
This signature does not replace the coordinate card but supplements it, and it is therefore a more secure method for making online banking payments, either through the website or app.
When will this double signature be required?
To comply with the provisions of the European Directive, our corporate website requires two-factor authentication whenever an authorised party connects to the site:
- Login: As a reinforcement mechanism for identifying you, every three months you will have to enter your username and password again and an OTP.
- Authorisation of online transactions in your account: Whenever you perform a payment transaction, you will have to enter a coordinate and an OTP, either at the time of execution or through the signature pending system.
- Checking account activity from more than three months ago: You will always have to enter a coordinate and an OTP.
What options does Bankinter offer for receiving an OTP?
We currently offer the following options for receiving the OTP and therefore implementing the double signature:
- OTP to your phone
- OTP to your email
You will receive the OTP on the phone or via the email you have registered for this purpose.
Where do I register my phone or email for signatures on the corporate website?
Once you have logged in, go to Management - User - Security signature.
If you have any questions, you can contact the Web Service on 91 807 09 84 or call your branch.
Can I perform transactions through the website just with my coordinate card, without an OTP signature?
No, because the European Directive requires a double signature. In future, it will be possible to register trusted beneficiaries, which will mean that online transactions with them will only require one signature.
Can I perform online transactions without my coordinate card and just enter the OTP?
No, because entering the coordinate is the first signature.
Can I check account activity from more than three months ago without having to enter the coordinate?
No, the European Directive requires a double signature for these checks.
If the phone for OTPs is foreign and I don't receive it, what do I do?
If there are any issues receiving the SMS with the OTP, or if you have any questions, you can contact the Web Service on 91 807 09 84 or call your branch.