What are examples of security procedures

Online banking and shopping: The TAN process since PSD2

No rule without exception

The effort for this security when paying is not insignificant. Therefore, there are some exceptions permitted by law.

These are:

  • Payments when shopping are free of complex security procedures up to 30 euros - at least if you pay checked again in between.
  • Contactless payment with the NFC chip in smartphone or card, depending on the provider up to 50 euros per process.
  • Recurring payments do not have to be reconfirmed each time. This applies, for example, to standing orders for the electricity contract and the rent. You set up such a standing order once, then it will be carried out every month without a new security check.
  • Online shops that you use frequently can now be put on a list of safe payment recipients.
  • Providers can, under certain conditions, be exempted from elaborate security procedures for credit cards. There can be technical reasons for this and should remain the exception.

Even after the changeover, the following still applies: Beware of fraudsters!

Although many customers will be familiar with the security procedure by now, fraudsters are not afraid to confuse and gain access to accounts, for example via phishing attacks.

In order not to fall for criminals, always make sure for yourself how your bank's security procedure works (both for online banking and for the credit card) and ask them if anything is unclear. Do not let yourself be unsettled. Be especially skeptical if emails containing hints and instructions are worded suspiciously. We have compiled typical characteristics for phishing emails here.

Will I no longer be able to cope without a smartphone in the future?

Many banks are increasingly relying on their own apps for the TAN process. These solutions often do not incur any additional costs. This puts a certain amount of pressure on customers to use a smartphone. Stiftung Warentest has tried out how convenient the banking apps are to use.

Attention: If you choose a TAN procedure via app, you will probably have to buy a new smartphone on a regular basis. If there are no more security updates for a model, the bank's apps usually no longer work.

If you cannot or do not want to use a smartphone, you will find it at Online banking regular alternatives. For example, TAN generators or SMS-TANs are widespread. Pay attention to the costs and, if in doubt, look for a cheaper account model or another bank. The Stiftung Warentest gives an overview of numerous account models and what they each cost.

When it comes to Online shopping with a credit card we also see a trend towards apps. Here it can even happen that a provider declares: Without a smartphone or tablet with an app, no more card payments on the Internet. For example, we read the relevant FAQ for the savings bank solution S-ID-Check. Initially, the only alternative is to switch to another account provider or to obtain the credit card from another provider.

Are there any additional costs for the security procedures?

What to watch out for: some banks charge something for the security procedures. Then costs can arise for each SMS, for example. It is particularly annoying that a first bank charges a fee for logging into online banking even for SMS. Some banks provide TAN generators free of charge. With others, you have to buy them. Many generators can be used for multiple accounts and providers because you always insert your associated payment card.

From the point of view of the consumer advice centers, it is a clear mistake that consumers should pay extra for the security procedures. The fact that a bank protects itself from falling for a fraudster is not an additional service for the customer. The costs for these measures should already be settled with the account fee. Unfortunately, the legislator has allowed additional costs for security procedures.

A TAN may also be required when logging into online banking

At some institutes, a TAN is required when accessing online banking. So far, others have explicitly warned against giving a TAN when registering, because this was a popular fraudulent trick in the past. What's right now?

Under certain conditions, it will be mandatory in future to register for online banking with a PIN and to log in with a TAN:

  • When you get more access to online banking than just your account balance and payment transactions from the past 90 days.
  • If more than 90 days have passed since the last login with a TAN.
  • When you log into online banking for the first time.

The additional effort when logging in is ultimately also for your security. Strangers can then not easily see what is happening on your account, so your data is better protected. And having free access to bank statements for many months online at any time can be a pleasant service.

If banks have requested a TAN when registering since September 14, 2019, this is therefore legal. If this was not the case with your account before and you are suddenly confronted with entering a TAN, you should be vigilant. If in doubt, ask your bank whether the procedure has been changed.