EN
Corporate

New Norwegian rules for strong customer authentication in online commerce

logo
Legal news
calendar 23 September 2019
globus Norway

On 14th September 2019, the remaining rules of the EU Directive PSD 2 entered into force in the EU as well as in the EEA Area. In Norway, strong customer authentication has been required by law since January 2016. The new rules are a continuation of this and aim to make e-commerce safer through more requirements for the web-shops' online payment systems. From now on online payments can only be made using strong customer authentication in Norway. IUNO takes a closer look at the new Norwegian rules and how they will affect e-commerce in Norway.

Higher customer authentication requirements - safer online commerce

The PSD2 rules, introduced in January 2018, aim to make online payments safer and avoid cases of credit card misuse. Requirements for strong customer authentication involve a two-factor authentication when making payments over the internet. The rules will, therefore, affect businesses and traders engaged in online commerce.

From now on, customers will have to pass through at least two of the following elements when approving an online payment:

  • Something the payer knows (e.g. a password)
  • Something the payer has (e.g. a debit card)
  • Something the payer is (e.g. fingerprint)

Therefore, it is important that all Norwegian businesses with an online shop have made sure that their online platform supports at least two of the above-mentioned elements. In order to finalize a transaction, customers must approve their payment with at least two factors, for example payment cards and a confirmation code on SMS.

Before the deadline for the implementation of the new rules the Norwegian Financial Services Authority assessed that the Norwegian banks and other parties providing payment solutions would not have noteworthy problems with meeting the requirements of PSD 2. Only time can show whether this will be the case.

Transitional period

There is no general transitional period. The rules were effective from 14 September 2019. In order to avoid negative consequences, the European Banking Authority (EBA) has given the National Financial Service Authorities the opportunity to give companies a limited time period to adapt to the new requirements. The Norwegian Financial Services Authority has, therefore, stated that companies can apply individually for a time-limited implementation period if needed. A detailed plan must be presented to the Financial Services Authority and should outline how they will comply with the rules. This is the same practice as followed by Sweden. EBA will announce deadlines for the completion of the migration plans later this year.

Failure to comply with the new rules

All businesses are liable for any losses incurred in connection with any abuse if they are not compliant with the new rules. In addition to this, the financial companies and other parties in the payment flow have the right to reject payments that have not been made with two-factor approval and, therefore, one can risk losing profit.

IUNO’s opinion

It is important that all Norwegian online businesses secure their online payment solutions and that they make sure to have the necessary technical layout of their web-shops. If companies do not comply, they risk having their customers' payments rejected.

If your company is not compliant, it is important to contact the Financial Services Authority and request for an individual time-limited implementation period. If you have any questions about the new rules or need our help to request for an individual time-limited implementation period, please do not hesitate to contact us.

 

Higher customer authentication requirements - safer online commerce

The PSD2 rules, introduced in January 2018, aim to make online payments safer and avoid cases of credit card misuse. Requirements for strong customer authentication involve a two-factor authentication when making payments over the internet. The rules will, therefore, affect businesses and traders engaged in online commerce.

From now on, customers will have to pass through at least two of the following elements when approving an online payment:

  • Something the payer knows (e.g. a password)
  • Something the payer has (e.g. a debit card)
  • Something the payer is (e.g. fingerprint)

Therefore, it is important that all Norwegian businesses with an online shop have made sure that their online platform supports at least two of the above-mentioned elements. In order to finalize a transaction, customers must approve their payment with at least two factors, for example payment cards and a confirmation code on SMS.

Before the deadline for the implementation of the new rules the Norwegian Financial Services Authority assessed that the Norwegian banks and other parties providing payment solutions would not have noteworthy problems with meeting the requirements of PSD 2. Only time can show whether this will be the case.

Transitional period

There is no general transitional period. The rules were effective from 14 September 2019. In order to avoid negative consequences, the European Banking Authority (EBA) has given the National Financial Service Authorities the opportunity to give companies a limited time period to adapt to the new requirements. The Norwegian Financial Services Authority has, therefore, stated that companies can apply individually for a time-limited implementation period if needed. A detailed plan must be presented to the Financial Services Authority and should outline how they will comply with the rules. This is the same practice as followed by Sweden. EBA will announce deadlines for the completion of the migration plans later this year.

Failure to comply with the new rules

All businesses are liable for any losses incurred in connection with any abuse if they are not compliant with the new rules. In addition to this, the financial companies and other parties in the payment flow have the right to reject payments that have not been made with two-factor approval and, therefore, one can risk losing profit.

IUNO’s opinion

It is important that all Norwegian online businesses secure their online payment solutions and that they make sure to have the necessary technical layout of their web-shops. If companies do not comply, they risk having their customers' payments rejected.

If your company is not compliant, it is important to contact the Financial Services Authority and request for an individual time-limited implementation period. If you have any questions about the new rules or need our help to request for an individual time-limited implementation period, please do not hesitate to contact us.

 

Receive our newsletter

Aage

Krogh

Partner

Similar

logo
Corporate

20 November 2024

Expensive words: Large fines for misleading environmental claims

logo
Corporate

21 October 2024

Encouraging tagging on SoMe is prohibited in Denmark

logo
Corporate

23 March 2022

Changes to the Danish Sale of Goods Act: Guarantees

logo
Corporate

2 March 2022

What do the sanctions against Russia mean for your company?

logo
Corporate

23 February 2022

Overview: New rules for sale to consumers

logo
Corporate

13 December 2021

How to avoid illegal shareholder loans

The team

Aage

Krogh

Partner

Aurora

Maria Thunes Truyen

Junior associate

Caroline

Bruun Ibsen

Senior legal advisor

Josephine

Gerner Amaloo

Legal assistant

Karoline

Skak Kristensen

Legal assistant

Mai

Haaning Kristensen

Legal assistant

Matilde

Grønlund Jakobsen

Senior Associate