Card deposits - multi-factor authentication
Changes to the way you pay online using a card issued in the EU
It’s really important that you make sure that your bank has your correct contact details
Background info on the changes
FAQ: Why do you need to send me a one-time passcode (OTP) when I’m making a deposit?
FAQ: Can I opt-out from providing this extra information when I make a deposit?
FAQ: Why haven’t I received the SMS you sent me to complete my deposit?
Changes to the way you pay online using a card issued in the EU
On 14th September 2019, new EU regulation came into effect to increase your payment security online and help prevent fraud. This may change how your bank verifies your identity when making payments online.
Banks are now mandated to implement multi-factor authentication. Multi-factor authentication (also known as Strong Customer Authentication or SCA) provides you with an enhanced level of security online, by confirming your identity in more than one way.
When you make a payment online you may need to undertake an extra step to confirm that it’s really you making the deposit - this may not happen on every transaction you make, though.
When it does, the bank may use one of multiple means to obtain authentication: they may prompt you to use your bank card authentication device (if you have one), send you a one-time passcode (OTP) via text message or push message (if you have a mobile phone), or use an automated call. An OTP text message will look something like this:
It’s really important that you make sure that your bank has your correct contact details.
This is so they can authenticate you quickly and easily, and you can do it through your bank’s website, app, customer support line, or by visiting a branch.
For the curious, here are some links with background info on the changes:
https://www.ukfinance.org.uk/guidance/payment-services-directive-2-and-open-banking
https://www.fca.org.uk/firms/revised-payment-services-directive-psd2
FAQs:
Q: Why do you need to send me a one-time passcode (OTP) when I’m making a deposit?
A: Banks occasionally use one-time passcodes (OTP) to check it’s you when you make some online purchases. This is an important part of keeping you safe when you use your card online, and has replaced the Verified by VISA/Mastercard SecureCode password you may have used in the past. When you make a purchase online, your bank may send an OTP to the mobile number they hold for you, so it’s important you let them know if it changes. To complete your deposit, just confirm your passcode when prompted.
Q: Can I opt-out from providing this extra information when I make a deposit?
A: No - you can’t opt-out at the moment as its part of a new payments protocol so your bank can authenticate you to protect against fraud. In the future, however, you will be able to approve William Hill in your banking application as a trusted merchant, which will allow you to bypass the need to provide any extra information.
Q: Why haven’t I received the SMS you sent me to complete my deposit?
A: Your bank may send you an SMS containing a passcode to the mobile number they have on record for you. Please ensure your bank has your up-to-date contact details.