Online shopping with a credit card: that has changed

© Syda Productions –

There have been postponements several times, and the stricter requirements for online payments have been in full effect since mid-March. Those who pay for their online purchases by credit card should be better protected against fraud.

The financial supervision Bafin draws a positive interim assessment of the stricter rules for paying by credit card on the Internet that have been in place for six months. “With the introduction of strong customer authentication, customers in Germany are protected even more against fraudulent payments than before. This applies above all to card payments on the Internet, ”said a spokesman for the Federal Financial Supervisory Authority (Bafin) on request.

Since March 15, when paying by credit card on the Internet, the obligation for so-called two-factor authentication has also been in effect for smaller amounts. This means that customers usually have to prove in two separate ways that they are the legal owner of the payment card.

Strict guidelines for credit card payments

The requirements for credit cards are particularly strict, because the number and check digit of these cards can be spied out relatively easily, for example when using them in restaurants. That is why it is not enough to have a credit card. According to the new rules, consumers need two additional security factors for credit card payments when shopping online: for example password and transaction number (TAN). This is to prevent misuse of the cards even better.

“In the meantime, almost all credit cards issued are technically capable of carrying out strong customer authentication for online payments,” summarized the Bafin. “However, this functionality has to be activated explicitly by the customer at many banks. Consumers should take the relevant information from their bank seriously, otherwise online purchases with credit cards may fail. “

Not the same for all banks

The implementation is slightly different depending on the card-issuing bank. To some customers, the financial institutions send the one-time TAN to approve online payment via SMS to a telephone number stored in advance at the bank. Other banks have the purchase confirmed via a special app, for example by entering a PIN or taking a photo of a barcode. Biometric processes such as fingerprints or facial recognition for approving a payment with two factors are also technically possible.

Actually, the obligation to strong customer authentication according to the new EU rules (“Payment Service Directive” / “PSD2”) has been in effect for every payment in online banking and when shopping on the Internet since September 14, 2019.

Implementation problems

But because some dealers had problems implementing the plan, the financial supervisory authority Bafin initially gave a postponement until the end of 2020. Shortly before Christmas, the authority announced that January 1, 2021 as a start date could not be implemented either. Instead, a tiered model applied: Since January 15, 2021, payments of EUR 250 or more must be approved with two independent factors; since February 15, two-factor authentication has been in effect from EUR 150. The stricter security regulations for online credit card payments in Germany have been fully effective since March 15 (DIGITAL FERNSEHEN reported).

“In fact, it seems that the companies have adjusted to the situation,” said Ulrich Binnebößel, payments expert at the German Trade Association (HDE). If a customer aborts a purchase process on the Internet, it is difficult for an online retailer without the appropriate know-how to attribute this to any errors in the strong customer authentication.

Whether consumers actually have to approve each purchase on the Internet with additional information depends on the bank from which the payment card originates. For example, if a customer buys more often from the same online shop, a financial institution can forego having the payment released there with two factors each time. The two-stage process of strong customer authentication can also be dispensed with for payments under 30 euros.


*The article has been translated based on the content of DIGITAL FERNSEHEN by If there is any problem regarding the content, copyright, please leave a report below the article. We will try to process as quickly as possible to protect the rights of the author. Thank you very much!

*We just want readers to access information more quickly and easily with other multilingual content, instead of information only available in a certain language.

*We always respect the copyright of the content of the author and always include the original link of the source article.If the author disagrees, just leave the report below the article, the article will be edited or deleted at the request of the author. Thanks very much! Best regards!