First Direct unleashes new layer of security checks for online card payments: Customers told they’ll need to type in email address when paying
- First Direct to ask customers to type in their email address when paying online
- Bank already sends customers a 6 digit passcode by text to confirm it’s them
- It will monitor how each customer enters email address via keystroke
- Data will be stored for up to 3 months and be compared against previous entries
- Known as ‘behavioural biometric’ data and it should be unique to each customer
First Direct customers are facing the prospect of an arduous extra security check in order to make online payments.
The bank is planning to ask customers to type in their email address as well as their one-time passcode when making online card payments.
First Direct claims the decision has been made to make the payment process more secure and protect customers from fraud.
The purpose for asking customers to type in their email address is about monitoring how each customer enters the email address – including the keystrokes
At present, First Direct sends its customers a six digit passcode via text message to confirm it’s them when making some online purchases – these passcodes have become more frequent in recent years.
This is typical of many banks and only poses an issue if there is a problem with phone signal or if the mobile number itself has been recorded incorrectly.
However First Direct’s new email address requirement takes security protocol one step further.
It says the purpose isn’t about checking the email address or updating records, but about monitoring how each customer enters the email address – including the keystrokes.
It’s known as ‘behavioural biometric’ data and it should be unique to each customer.
First Direct will record this data and it’ll be stored for up to three months, so it can be compared against previous entries.
The bank will then use this data in future, together with other information like a person’s location and how they use their device, as an added measure to help it reduce the risk of fraud.
Although some may welcome the heightened security, others may be concerned by the extra admin of having type in their email address as well as the potential for online payments being more frequently declined.
It’s not clear whether typing an email address a little slower than usual or if you’re overseas will mean blocked payments.
On its website First Direct states: ‘When you enter your email address, we keep a record of how it’s entered and compare it next time you make a payment.
‘If it doesn’t match, payments may not go through until we can confirm it’s you making them.
‘As fraudsters become more sophisticated, we believe it’s in the substantial public interest to include this extra layer of security to protect you and your payments from fraud.’
With banks advising customers to ignore text messages requesting personal information such as email addresses, some customers may also be forgiven for querying whether the prompt is genuine.
Can you avoid the email address security check?
There is an alternative route for those First Direct customers who don’t want to type their email address in order to receive a one-time passcode – but they’ll have to use the First Direct mobile app – which means having a smartphone or tablet.
You can log into the app by using a Digital Secure Key password or by using Tough ID or Face ID on your mobile phone. Once on, you can confirm a debit or credit card payment.
To do this, you select the First Direct app whenever you see the request to confirm a card payment while you’re checking out during an online purchase.
Once you’re on the app you can either confirm or reject the payment. To confirm, you’ll just need to use your fingerprint recognition or Digital Secure Key to confirm it’s you.
Once that’s done you then need to return to the checkout and click ‘Payment confirmed on Mobile App to complete the purchase.