Online security changes

New requirements for authenticating online payments have been introduced as part of the second Payment Services Directive (PSD2).
Find out more

Strong Customer Authentication (SCA)

Strong Customer Authentication (SCA) is one of the key requirements of PSD2, a new European regulation which came into force in September 2019.

SCA focuses on improving online security and reducing consumer fraud. Under the new regulations, you have greater protection when you make electronic payments or transactions, such as shopping or banking online.

How does it work?

SCA requires customers to prove their identity using two of the following three elements (also known as two-factor authentication):

Knowledge
Something you know
(eg password or PIN)
Possession
Something you have
(eg card or mobile phone)
Inherence
Something you are
(eg fingerprint or Face ID)

How does it affect me?

If you’re an Internet Banking customer, there is an additional security check using SecureCall when you log on or make changes to your account.

If you use our Mobile Banking app, you are required to enter your Passcode to add a payee, make a payment or make changes to your account.

Download our Mobile Banking app

If haven't already, download our Mobile Banking app. It's the quickest and easiest way to manage your accounts.

mobile-panel-appstore.png mobile-panel-googleplay.png

FAQs

  • Why is SCA needed?

    Following a sharp rise in online consumer fraud in recent years, the European Commission intervened by placing SCA requirements on member countries as one of the core components of PSD2.

  • What kind of transactions are affected?

    SCA generally applies to customer-initiated electronic payments, such as card payments and bank transfers.

    However, not all transactions require additional authentication. There are a number of exemptions, listed below:

    • Trusted beneficiaries (verified payees)
    • Recurring payments (the initial setup will require SCA)
    • Low value or low risk transactions
    • Contactless payments
    • Unattended terminals (parking and transport)
    • Secure corporate payments

    Additionally, direct debits, mail / telephone orders or transactions where either the Issuer or Acquirer is located outside the European Economic Area (EEA) are not affected.

  • What is SecureCall?

    SecureCall is a fraud prevention feature of Internet Banking which is designed to help protect you and your money from online fraud.

    You may already be familiar with SecureCall as we use it to verify payments to new payees. It is now required when you log on or make changes to your account.

    You can read more about SecureCall on our Help & Support pages.

  • What do I do if I've forgotten my Passcode for the Mobile Banking app?

    You can reset your Passcode for the Mobile Banking app by registering your device again. Simply select 'I forgot my Passcode' from the log on screen in the app and follow the instructions.

    To reset your Passcode using the app, you will need your Customer Number and Access Code which you use to log on to Internet Banking.

  • How do I update my contact details?

    You can update your landline number on Internet Banking or over the phone if you have your registered mobile to hand. To update your mobile number, you can visit a local branch, send us a signed request to Investment Services, Cumberland Building Society, Cumberland House, Cooper Way, Parkhouse, Carlisle, CA3 0JF or by email to help@cumberland.co.uk.