The PSD2 is the European Payment Services Regulation, which, among other measures, strengthens the security of payments made online and, therefore, increases customer protection against potential fraud risks.

From now on, CaixaBank, as a result of applying the PSD2, will establish strong authentication procedures (SCA) that allow us to check your identity or ensure the validity of the payment instrument you are using (e.g., a card) when you buy online.

What is strong customer authentication (SCA) and how will it affect me as a customer?

Strong customer authentication will allow us to verify that when you make a purchase online, it is really you making it. Strong customer authentication requires that when you make a purchase in an online shop, you use at least two different elements, known as authentication factors. These elements are independent (so that any breach of one does not compromise the reliability of the others) in such a way that protects the confidentiality of your data. There are three authentication factors:

Knowledge ('something that only the user knows')
For example: password, PIN

Possession ('something that only the user has')
For example: a computer, a mobile phone

Inheritance ('something the customer is')
For example: fingerprint, facial recognition, biometric data in general

For this reason, when you make online purchases through CaixaBank, we will verify two of these three factors through CaixaBankNow digital banking.

Furthermore, once you enter CaixaBankNow, we will inform you about the amount of the purchase and the payee, which will allow you to verify that the details are correct before finalizing the purchase.

Will I have to use this new purchase authorization in all online shops?

Until now, only some online shops required the customer to enter the 6-digit code sent by SMS to their mobile device to complete the purchase. This authorization process strengthened customer security when making purchases online. With the application of the PSD2 regulations, this is no longer a valid authorization process, given that all online shops must adapt to the new regulations and be a secure e-commerce.

For this reason, from now on, as businesses adapt to the new regulations, the number of online shops that will require the new authorization form (through the application or the CaixaBankNow website) will increase, offering the customer more security.

Will I always have to authorize purchases through CaixaBankNow digital banking?

Not all Internet purchases will require strong customer authentication. The regulations provide for a series of exceptions according to the risk level, currency, the amount of the operation, and the recurrence of the operation:

  • In those online shops where it has been possible to check that there is no risk of fraud and that they are secure, this new form of authorization will not be necessary.
  • For operations paying low amounts when:
    • The purchase amount does not exceed 30 euros and
    • The accumulated amount of online purchases from the last application of strong customer authentication does not exceed 100 euros; or, that the number of online purchases since the last application of the strong customer authentication does not exceed 5 consecutive transactions