Keeping electronic payments safe: things to know

Online payments

The internet may well be the world’s largest market and shopping place. Yet, like in a brick-and-mortar shopping mall, chances are that there may be fraudsters or thieves out there looking for easy victims. Some basic protective measures will go a long way to keep you safe:

• Make sure to use only encrypted connections to enter sensitive data like bank account or credit card details. Simply pay attention to your browser address bar. Is there a padlock icon in the left corner of the address bar? Does the address start with “https” rather than “http”? If this is the case, your connection will be secure.
• Always enter web page addresses (URLs) manually or use the bookmarks (“favorites”) function of your browser.
• Make sure to keep all information regarding your transactions private. This includes all passwords, PINs and credit card details. Ideally, also enable two-step authentication, requiring the use of two separate devices to sign on. Besides entering your password or PIN, you will also need to enter a code sent to your mobile via text message or click on a link sent to your e-mail account.
• When leaving a website, remember to use the logout button.
• Remember that the staff of online shops, auction houses, banks and the like are not allowed to ask you to share confidential information like your passwords or PINs, be it by e-mail or on the phone. Never ever share such information even if prompted to do so.
• Protect your computer against cyber attacks by installing anti-virus programs and a firewall, and by keeping these programs up to date.
• Remember to never include information that is confidential in your e-mails. Unencrypted e-mail messages are vulnerable throughout their journey from your mailbox to the recipient’s mailbox, where they might be stored for a long time.
• Use only devices you trust for your online shopping, and never shop from devices with public access.
• Make it a habit to check your account balances and transactions. Immediately report any misuse of your account to your bank.

Online shoppers typically have a choice of different payment instruments, including:

• online payment methods such as EPS, PayPal or Klarna;
• credit cards;
• internet-enabled debit cards; and
• credit transfers (cash before delivery or payment by invoice).

Because of the rollout of two-step authentication (which was made mandatory for internet payments in 2018) these instruments are fairly alike with regard to their security standards – but, as always on the internet, users need to be mindful, too.

Mobile payments

Whether you are shopping online or at a physical point of sale, there is usually a choice of simple and user-friendly payment solutions for smartphones or other mobile devices like smartwatches. Therefore, it is very important to keep strangers from accessing your smartphone in case it should ever go missing.

Make sure to activate all security features your smartphone comes equipped with. Using biometric locks (face recognition or fingerprint ID) in combination with a passcode will be your best line of defense. Use a “find my phone” app (available for both iPhone and Android phones) for remote deactivation in case your phone should get lost or stolen.

Two-factor authentication (see above) allows you to protect your smartphone payment apps with biometric and passcode locks. It is also a good idea to enable push notifications to help you stay on top of your account activity. Thus, you will get a message any time a payment has been made.

Apart from the risk of losing your smartphone, there is also the risk that malicious software (such as counterfeit apps or keylogger apps) might get installed on your smartphone.

Therefore, make sure to use security or anti-virus software for your smartphone, like you do for your computer, for best protection against fraud and to fend off fraudsters before they can do any harm.

According to data security experts, payment apps such as Bluecode, Google Pay or Apple Pay outperform credit cards somewhat from a data protection perspective, because the apps only pass on virtual account information rather than the actual credit card number.

When using buy-now-pay-later services, as offered for instance by Klarna or Amazon, make sure to check out additional costs such as any fees charged for deferred payments by online shops.

Card payments

By now, using payment cards to pay for goods and services has become common practice. The newest innovation, which has been around for a while, are contactless payments and PIN-free payments.
It stands to reason that you should watch out for your safety irrespective of whether you pay cash or use a card to make payments or withdraw cash. For effective protection, mind a few rules:

• Treat your payment cards just like you would treat cash. In other words, keep your cards safely stored.

• When a card has been stolen or lost, have it blocked right away. You will find the number you need to call at every cash machine.

• Keep your card PIN secret. Never write your PIN on your card or anywhere else and don’t share it with anyone.

• Make it a habit to check your account balances and dispute faulty transactions right away.

• Take care when entering your PIN at a cash machine or point of sale, covering the keypad with your free hand if necessary.

• Watch out for distractions when withdrawing money from a cash machine and always keep your mind switched on. In case something appears strange to you, best break off the transaction.

• Should your card be captured by a cash machine for some strange reason or should you be unable to withdraw cash, report this to your bank right away.

• One of the most common forms of fraud is skimming. This is the risk that the information stored on your card’s magnetic strip, including your PIN, could be illegally copied by a device that has been manipulated. The data thus skimmed are used to withdraw cash from outside Europe. This is why Austrian debit cards are “geoblocked” for cash withdrawals outside Europe by default. The regional settings of your debit card can be adjusted on request. Remember to check your geoblocking settings with your bank before traveling abroad.

• Payment cards

Contactless card payments

Today, you will be able to make contactless payments without having to enter your PIN with your card or your smartphone at most points of sale, using near field communication (NFC) technology. All you need to do is bring your card or smartphone within close reach of the point-of-sale terminal.

You still have to enter your PIN for payments above EUR 50 and if you have spent more than EUR 125 in several successive contactless payments since you last used PIN verification.

No matter whether your payment is contactless or not, the card payment process that occurs in the background is always the same. If you initiate a contactless payment with your smartphone, the payment is made with the payment instrument stored in your chosen payment app (e.g. credit card or direct debit). Best activate your smartphone’s NFC only when you actually wish to use it. Point-of-sale terminals that accept contactless payments usually come with a small symbol for contactless payments.

Instant credit transfers

Instant credit transfers are transfers of funds that are made available on the recipient’s account within a matter of seconds. The security standards for instant payments are very high, as they are for any other payment instruments that are common in Europe. In essence, payment initiation is based on the same kind of two-factor authentication (such as PIN + mobile TAN) as is used for regular credit transfers. Instant credit transfers can be used for many different purposes, e.g. for making payments between private individuals (peer-to-peer (P2P) payments), for buying a used car from a private seller or making other private purchases, or for buying things online. Moreover, instant payments could even be made available at points of sale. Instant payments have been available in Europe since 2017 and are being offered by most Austrian banks. The upper limit for instant credit transfers is EUR 100,000 per payment transaction.

If a payment has been credited to the wrong recipient, it may be unwound. However, as with regular credit transfers, the payment recipient must consent to the unwinding of the payment.

• SEPA Instant Credit Transfer

Making payments abroad

In general, you should not rely on a single payment method when going abroad. Credit cards and most debit cards will enable you to withdraw cash at cash points and to make cashless payments in shops and restaurants. However, it is always advisable to have a small amount of cash at hand as an alternative, for instance to be able to buy some snacks on arrival or pay for a taxi ride. Another option, next to cash and payment cards, are travelers’ checks. Travelers’ checks are very safe as a rule, as cashing in the checks requires a signature and an ID. At the same time, travelers’ checks may get “extinct” sooner or later, as acceptance at points of sale has been dwindling sharply across the globe.

Sometimes payments don’t work – why is this?

Payment infrastructures are very safe and robust in Austria and Europe. If, however, you still find yourself unable to make payments at some point, this may happen for a number of reasons. Apart from the potential unavailability of the network, something may have gone wrong during the payment process, there may be a technical problem with the payment instrument, or you may be lacking access rights. Other reasons may include insufficient account balances or authentication errors (PIN, fingerprint ID, face recognition, etc.), the point-of-sale terminal may be offline, or there may be a technical problem with the card (magnetic stripe or chip) or the smartphone (NFC antenna). In case these should be recurring problems, best ask your bank for help.