With the approval of PSD2, the Second European Payment Services Directive, in 2017, the double check or second verification became mandatory for all types of digital payments in the European Union, and for the banking entities that operate in that area.
As a result, since its application at the beginning of 2019, it is no longer enough to enter the details of a bank card in a payment gateway. We must also physically, and therefore consciously and voluntarily, verify the payment in our bank's mobile application or in any other application the bank makes available to us. The purpose is to leave no doubt that we authorized the payment.
To many users, if not most, this seems a cumbersome and redundant process, since payment gateways encrypt data with AES-256, one of the best encryption systems that exist. However, this encryption is not enough, because scams are usually designed precisely to avoid confronting it, by means of so-called social engineering.
Almost 29,000 euros scammed
As an example of this social engineering, Facua revealed a few days ago that BBVA was recently forced to repay a client, a middle-aged man, a figure close to 29,000 euros that had been stolen from him through a smishing fraud.
Smishing is a technique in which a cybercriminal sends an SMS to a user while pretending to be a legitimate entity (a social network, a bank or a public institution, among others) with the aim of stealing private information or making an economic charge.
Generally, the message invites you to call a premium rate number or access a fake website link under a pretext. In the case of the BBVA client, the false reason was an alleged deactivation of a card that had to be reversed by re-entering all the bank details on a web page, supposedly real, whose URL address was provided in the received SMS.
After following the instructions indicated by the scammers, the user received a new SMS informing him that he would soon receive the information about the account, but he did not. “From then on I began to receive dozens of unauthorized charges in different stores,” says the user, named Julián, on the Facua website, an entity of which he is a member.
Specifically, there were 39 operations without authorization between April 26 and May 4. It was not until May 6 that, after reviewing his account, Julián realized that he was the victim of a scam.
He quickly contacted the bank’s Customer Service, but when the theft was reported, the bank declined responsibility and limited itself to offering him “a more secure card”, which included double verification, something required by law.
Given the bank’s passivity, Facua’s legal services contacted BBVA’s customer service with a letter recalling that Article 36 of Royal Decree-Law 19/2018, of November 23, on payment services and other urgent measures states that “payment transactions will be considered authorized when the payer has given consent for their execution”, a circumstance that had not occurred.
In the same way, Article 45 establishes that when an unauthorized payment order is executed, the bank must return the amount of the operation to the client: “the payer’s payment service provider will return the payment account in which the debit was made to the state in which it would have been found if the unauthorized operation had not been carried out”.
Double verification, the best barrier to scams
To ensure the explicit consent of the client in cases of scams by SMS or WhatsApp, which are more frequent every day and which can catch us at a moment when our guard is down and we hand over all our data, the best barrier is double bank verification.
For this reason, it is no longer enough to rely on the data encryption offered by the payment gateway when making a purchase or settlement online. Instead, we must expressly and physically verify the payment by going to the banking application on our mobile, where we authorize the purchase after entering our passwords or with our fingerprint.
It may seem like a heavy process, and it is when we are in a hurry to complete a payment, but the truth is that if Julián’s card had included double verification for any of the unauthorized purchases that occurred, surely none of them would have gone through.
In this way we can make sure that we have absolute control over everything concerning our online purchases, and at the same time our bank limits all liability in those cases in which, even with double verification, a scam is committed.