Any time you buy something online, or log on to to your bank account, you may be asked to enter a code that the bank will send to your mobile phone.


It’s part of new rules called Strong Customer Authentication that are designed to make sure it really is you that’s using the card.

In 2018 in the UK, debit, credit and payment card fraud cost £671 million and it’s card providers who normally pick up the bill.

So they are very keen to make fraud more difficult. The rules were made by the EU but will remain in force even when we leave.

A lot of banks and card providers are already introducing the new procedures, although they will not become compulsory until 14 March 2021.

More like this

If you bank on an app on your mobile phone you may be able to authorise the payment with your fingerprint or face.

In other cases when you are about to pay for something online, or log on to your account, you will be sent a six-digit code by text to enter on the payment page.

It may not happen every time as there are exemptions, but it will become more common, especially for items around £30 and payments to new suppliers.

However, a survey by consumer organisation Which? found four per cent of adults don’t have a mobile phone, and 13 per cent live where signal strength is poor.

Some banks will send the code by email or call your landline and an automated voice will speak the digits.

Others will insist you call them to authorise the sale, or even go into a branch – often easier said than done. People with some disabilities may also struggle to use the code.

The banking industry trade body UK Finance says only that it expects “appropriate solutions” to be in place. Fraudsters are already exploiting the new rules by sending emails pretending to be from a bank asking for details needed for authentication.

If that happens do not give any information. Call your bank on a number you already have and check what its procedures are.

For more information, visit and search “strong customer authentication”.