STRONG CUSTOMER AUTHENTICATION SECURITY PROCESS
Effective on 2 November 2018, a new Strong Customer Authentication (SCA) security process will be introduced for internet purchases made with EMEA Bank of America Merrill Lynch branded commercial cards.
Commercial card internet purchases refer to online card purchases, e.g. online card payment for train tickets from the merchant’s website.
- When the cardholder makes a commercial card internet purchase, a one-time passcode (OTP) will be sent via SMS text message to the cardholder’s registered mobile phone number. The OTP needs to be entered along with the card credentials to complete the purchase.
- If cardholders do not to provide a mobile phone number, internet purchases may be declined as the OTP will not be delivered and SCA not being completed. We encourage cardholders to provide a corporate mobile phone number where available, otherwise a personal mobile phone number is acceptable. As per our privacy notice, we may need to collect and process Personal Data in order to provide the requested service. The cardholder Data Privacy Notice covers telephone number and any Personal Data collected will be used for legitimate business purpose only; in this case to facilitate internet purchases and comply with the regulation.
- This is a regulatory requirement under the European Banking Authority (EBA) Guidelines on the Security of Internet Payments and Second Payment Services Directive (PSD2) that obligates the Bank to ensure cardholders complete SCA for commercial card Internet purchases. There are certain transactions that do not require SCA - please refer to the below guides for further details.
- There is no change for point-of-sale transactions and cardholders will continue to use their card and enter their PIN for authentication.
For more information, including how SCA works, please read the below guides.