Fingerprint or password to buy online? Some Czech banks end SMS purchase confirmation

When using e-shops a number of banks have required a code sent by text message but that is set to change for some.

Tom Lane

Written by Tom Lane
Published on 10.02.2021 14:23 (updated on 10.02.2021)

Prague-based banking group Air Bank will now require the use of a mobile app to verify online purchases rather than the use of a one-off SMS code. The company in a recent press release becoming the latest bank to move away from text message confirmation.

It is part of measures to increase security, as well as to meet the requirements of the European PSD2 directive, which "seeks to improve the existing EU rules for electronic payments. It takes into account emerging and innovative payment services, such as internet and mobile payments."

The move from Air Bank comes into effect from April 1, with other banks already moving in the same direction.

"You will always need to confirm card payments on the Internet that require confirmation in the My Air application. Without it, you will no longer pay on the Internet, "the bank wrote to clients. If you do not want to use the application for other activities, you can set it only to confirm card payments and lock other functions," said a press release from the bank.

UniCredit and Hello bank already introduced the same restrictions earlier this year. Payments must be confirmed in a banking app with a fingerprint or password, replacing the use of SMS.

All of the banks have apps that are widely available on smartphones via the App Store or on Google Play store.

According to finance website Penize.cz, Hello Bank is introducing new security measures from March 10, which will not allow online payment by debit or credit card unless the payment gateway requires strong verification through the application. "This will further protect the funds in your accounts," they explained. 

Most banks leave clients the option to continue to confirm card payments via SMS, using an e-pin. ČSOB, Česká spořitelna, mBank, Raisseisenbank, and Equa bank still use some form of SMS confirmation if preferred by the customer.

The European Payment Services Directive (PSD2) came into effect in 2019, in an effort to make electronic payments will be even more secure thanks to the introduction of “strong customer authentication” (SCA) which aims to help tackle online payments fraud. SCA ensures proper identification or authentication for all payments over €30 and takes place via an authentication process based on two specific factors supplied by the user, for example, a password, PIN code, a mobile phone, or a fingerprint.