SAFE FINANCES
Information on the security of payment services
Directive (EU) 2015/2366 of the European Parliament and of the Council on payment services in the internal market, amending Directives 2002/65/EC, 2009/110/EC and 2013/36/EU and Regulation (EU) No 1093/2010, and repealing Directive 2007/64/EC (hereinafter: "SCAr"), together with Commission Delegated Regulation (EU) 2018/389 supplementing Directive (EU) 2015/2366 of the European Parliament and of the Council with regard to regulatory technical standards for strong customer authentication and common and secure open standards of communication (hereinafter: "PSD2"), led to the amendment of Act LXXXV of 2009 on the provision of payment services in order to increase the security of electronic payments. As a result, the use of Strong Customer Authentication has become mandatory for certain payment services.
What is authentication?
A procedure that allows the payment service provider to identify the customer or to verify the validity of the use of the cash-substitute payment instrument, including the customer's personal credentials.
What is Strong Customer Authentication?
During Strong Customer Authentication, payment transactions are authenticated using at least two of the following elements:
- knowledge: information known only to the user of the service (for example a PIN code);
- possession: something owned only by the user of the service (for example a mobile phone);
- biological property: a characteristic of the user of the service (for example a biometric fingerprint).
The elements are independent: the breach of one does not affect the reliability of the others, and the procedure is designed to ensure the confidentiality of the identification data.
Strong Customer Authentication (SCA) is a verification step for credit card purchases and electronic payments that ensures that only the cardholder can authenticate their financial transactions. Strong Customer Authentication protects the cardholder, and its use allows the payment service provider to identify the payer with a high level of security, thus minimizing possible misuse.
When is a payment service provider required to use Strong Customer Authentication?
The payment service provider shall use strong customer authentication when the payer accesses their payment account online, initiates an electronic payment transaction, or carries out any action through a remote channel that could lead to payment fraud or other abuse.
How does Strong Customer Authentication affect the card use of OFS customers?
- Online credit card purchases: As a general rule, online purchases over HUF 10,000 can be approved with two-step authentication. If the total amount of consecutive online payments exceeds HUF 35,000, strong customer authentication is also required for small payments (below HUF 10,000).
- Payment Gateway login: A one-time password (confirmation code) sent via SMS is also required to access the Payment Gateway.
- Credit card payments at a physical point of sale (POS): If the total amount of consecutive contactless payments exceeds HUF 45,000, the PIN code must also be entered for small payments (below HUF 15,000).
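The threshold rules above can be expressed as a small decision function. This is an added example, not OFSZ's own code; it assumes that a payment of exactly the single-payment limit requires authentication, that a successful strong authentication resets the running total, and that amounts are whole forints. The names CardState, requires_sca and replay are hypothetical.

```python
from dataclasses import dataclass

# Thresholds in HUF as stated on this page.
LIMITS = {
    "online": {"single": 10_000, "cumulative": 35_000},
    "pos_contactless": {"single": 15_000, "cumulative": 45_000},
}


@dataclass
class CardState:
    """Running total of payments approved without SCA, per channel."""
    exempt_total: dict

    @classmethod
    def new(cls):
        return cls({channel: 0 for channel in LIMITS})


def requires_sca(state, channel, amount):
    """Return (sca_required, reason) and update the running total."""
    if amount <= 0:
        raise ValueError("amount must be positive")
    limit = LIMITS[channel]  # unknown channel raises KeyError: fail closed
    # Assumption: exactly the single limit is not a "small" payment.
    if amount >= limit["single"]:
        state.exempt_total[channel] = 0  # assumption: SCA resets the total
        return True, "amount at or above the single-payment limit"
    # "Exceeds" on the page: reaching the cumulative limit exactly is allowed.
    if state.exempt_total[channel] + amount > limit["cumulative"]:
        state.exempt_total[channel] = 0
        return True, "cumulative limit for small payments exceeded"
    state.exempt_total[channel] += amount
    return False, "small payment within the cumulative limit"


def replay(channel, amounts):
    """Run a constructed sequence of payments for one fresh card."""
    state = CardState.new()
    return [requires_sca(state, channel, a)[0] for a in amounts]


if __name__ == "__main__":
    # Constructed sample: five online payments of HUF 9,000 each.
    for amount, sca in zip([9000] * 5, replay("online", [9000] * 5)):
        print(amount, "SCA required" if sca else "no SCA")
```
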
How to do Strong Customer Authentication for online credit card purchases?
- SMS-based approval: If you do not have an activated OFSZ eID application, you can confirm the payment transaction, after entering the bank card details, with the one-time code sent to the telephone number registered with OFSZ.
Before confirming, you must check the information displayed on the transaction authentication interface (merchant's name, payment amount, date of payment). If you find it correct, enter the one-time code received by SMS when the payment was initiated and press the "Next" button.
- Approval in the OFSZ eID application: If you have an activated OFSZ eID application, you can also confirm the payment transaction by entering your own PIN code or by providing biometric data (fingerprint) on your phone. You will then be redirected to the merchant's website.
Before approving, check the details of the initiated payment on the screen (merchant name, payment amount, bank card number used for payment). If you find the details of the transaction to be correct and acknowledge that you initiated it, click the "Confirm payment" button. Identify yourself with mPIN / TouchID. Click the "Confirm" button in the authentication interface to complete the payment and be redirected to the merchant's page.
If a technical obstacle prevents identification in the eID application (for example: lack of internet connection, response timeout), approval falls back to the SMS-based solution used for cardholders who do not have the application.
What is OFSZ eID application?
OFSZ eID is a mobile token application that simplifies and speeds up credit card payments for cardholders and ensures the security of transactions by meeting the requirements for Strong Customer Authentication.
What are the technical requirements of the OFSZ eID application?
The operating system of the mobile device or tablet must be supported by Apple or Google (currently the minimum supported versions are Android 5.0+ (Lollipop, API 21) and iOS 10.0+). The device must have a minimum screen resolution of 240 x 320 and a minimum of 512 MB of RAM. To use Touch ID, your Android device must be compatible with the Google Fingerprint API.
Only one active OFS eID application is possible per cardholder.
How can I install and activate the application?
The app must be downloaded from the Apple App Store, Google Play or Huawei AppGallery. The OFSZ eID app is available in Hungarian and English.
Log in to the OFSZ eID application and, as described there, contact OFSZ customer service to identify yourself and activate the application. Before installing the app, make sure that your phone number is properly registered with the SFO. If it is not recorded, or is recorded incorrectly, you can request registration in the following ways:
- Through a call center: +36 (1) 999 2222
- In person at our Central Branch (1027 Budapest, Kapás street 6-12., Opening hours: Mon-Fri: 07:00-19:00)
The activation code consists of 16 digits (this length was chosen for security reasons). The first 8 digits are printed in a secure envelope and handed to the user in the branch, and the last 8 are sent to the user via SMS. Activation codes are valid for 24 hours.
What personal data does the application use and transmit?
When you use the OFS eID application, the SFO is only notified of the authentication; your personal data (biometric data) and PIN code are not processed or transmitted by the SFO. Authentication is carried out on your phone.