In this article we explain:
- Why new rules have been introduced now.
- What exactly are the rules for UK online retailers?
- Solutions available to businesses to ensure compliance.
Why new rules have been introduced now
Online fraud has grown in step with the year-on-year increase in retailers’ revenue from their online channels, costing businesses and the banking industry huge amounts of money annually. According to the Daily Telegraph, online fraud costs consumers around £400m a year.
To combat this, new online anti-fraud legislation was instigated by the European Banking Authority and introduced into UK law prior to Brexit. The new rules were due to be introduced by the Financial Conduct Authority (FCA) in early 2021, but this was delayed until 14th March 2022 to give online retailers more time to adjust their systems to be compliant.
What are the new rules for UK online retailers?
Since the 14th March this year, retailers and payment providers have been legally required to carry out identity checks on customers who buy online using a credit or debit card.
These Strong Customer Authentication (SCA) rules, as they are known, will predominantly apply to purchases over £25 (30 Euros). However, if a pattern of multiple purchases below £25 is seen from a customer, this could also invoke the SCA rules and trigger an identity check to make sure the customer is genuinely who they say they are. The new rules do not apply to purchases made over the telephone.
Identity verification checks were applied to only around 1% of purchases before 14th March, but these new anti-fraud rules could see that figure rise to around 25% of all purchases, according to Mastercard.
Solutions available to businesses to ensure compliance
There are a number of identity verification solutions available to check that the customer is genuinely who they say they are.
Below are what we believe to be the best solutions for online retailers to use on their websites to comply with the new rules.
It is important to mention that the FCA expects websites to be able to provide identity checks on ALL customers. This means those who can’t be verified using their mobile phone, either because of poor signal or because they choose not to own a mobile, must still be verified by some other means. Websites therefore need to have several different methods of authentication available, not just one that relies on a mobile phone, for example.
2 Factor authentication
A common way of verifying a customer is 2 Factor authentication via SMS text. In the first stage, the customer enters the password to their account on the website. In the second stage, the customer is asked to provide their mobile phone number and to enter into the webpage a one-time numeric code that is sent by text message to their mobile.
Read more about integrating text message verification into your website with the T2A text message API method.
You can also check the mobile number is current and in use with the T2A mobile number validation API method.
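The server side of the second stage described above, as an added example that is not part of the original article and is not T2A code: it issues the one-time numeric code once the password stage has passed, then checks what the customer types into the webpage. The class and function names, the 6-digit length, the 5-minute lifetime, the 3-attempt limit and the in-memory store are all assumptions; sending the text message is left to whichever SMS gateway the site uses.

```python
import hashlib
import hmac
import secrets
import time

CODE_DIGITS = 6          # assumed code length
CODE_TTL_SECONDS = 300   # assumed lifetime: 5 minutes
MAX_ATTEMPTS = 3         # assumed guess limit per issued code


class SmsCodeStore:
    """Hypothetical in-memory store for pending one-time codes."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}  # session id -> pending-code record

    @staticmethod
    def _digest(salt, code):
        # Keep only a salted hash so the store never holds the plain code.
        return hashlib.sha256(salt + code.encode()).digest()

    def issue(self, session_id):
        """Call only after the password stage; returns the code to text out."""
        code = f"{secrets.randbelow(10 ** CODE_DIGITS):0{CODE_DIGITS}d}"
        salt = secrets.token_bytes(16)
        self._pending[session_id] = {
            "salt": salt,
            "digest": self._digest(salt, code),
            "expires": self._clock() + CODE_TTL_SECONDS,
            "attempts": 0,
        }
        return code

    def verify(self, session_id, submitted):
        """Return 'verified', 'wrong_code', 'locked', 'expired' or 'no_code'."""
        rec = self._pending.get(session_id)
        if rec is None:
            return "no_code"
        if self._clock() > rec["expires"]:
            del self._pending[session_id]
            return "expired"
        rec["attempts"] += 1
        expected = self._digest(rec["salt"], submitted)
        if hmac.compare_digest(rec["digest"], expected):  # constant-time compare
            del self._pending[session_id]                 # code is single use
            return "verified"
        if rec["attempts"] >= MAX_ATTEMPTS:
            del self._pending[session_id]                 # force a fresh code
            return "locked"
        return "wrong_code"
```

A customer who reaches `locked` or `expired`, or who never receives the text, is the case where the site needs another verification method to fall back on.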
Person Verification using data matching
This is one of the most robust solutions for checking the identity of a customer to prevent fraud, as it matches against actual data and so cannot be falsified.
The customer’s name and address details are matched against a comprehensive UK dataset made up of several licensed databases such as the Electoral Roll. A message of ‘identity verified’ or ‘not verified’ is returned to the website and communicated on-screen to the customer.
Read more about integrating Person Verification into your website using the T2A Person Verification API method.
Age Verification using data matching
Age Verification is for websites that sell any age-restricted products or services where customers must be 18 or over to make the purchase. This is a great add-on to Person Verification where retailers are liable for any claims of underage selling, as well as identity checking.
Like Person Verification, this is a very reliable and robust solution as it matches the name and address details of the customer against a vast dataset of UK person databases including the Electoral Roll. A result of ‘verified under 18’ or ‘18 or over’ is returned.
Read more about using Age Verification on your website using the T2A Age Verify API method.
UK online retailers have had a long period to get their website systems ready for the new anti-fraud rules that came into force on 14th March 2022. Therefore, it’s probable that the FCA will soon be checking that websites are complying with the rules and potentially making examples of those that are not and perhaps issuing companies with fines.
Online retailers’ websites must have a number of solutions for customer identity checking in place, not just one, to ensure ALL customers can be verified by some means.
Validating a customer’s identity by matching customer details against recognised, up-to-date databases such as the Electoral Roll is the best way to be compliant with the rules, as this method cannot be falsified.
The Person Verification API method from T2A is one such solution that retailers can integrate easily and cheaply into their website or App.