Whenever you try to request a ride, you might be prompted to authenticate the transaction with your bank via a pop-up screen. This protocol is part of Strong Customer Authentication, a new regulation for the European Economic Area requesting banks to authenticate digital transactions. This authentication protocol adds an extra layer of security to all your online transactions, in and outside of Uber.
WHAT IS STRONG CUSTOMER AUTHENTICATION?
Strong Customer Authentication (SCA) is a new European regulatory requirement to decrease fraud and secure online payments. Although the regulatory requirements are applicable to banks that issue credit cards, Uber had to build additional authentication into our order flow to complete transactions once Strong Customer Authentication goes into effect.
SCA demands and extra authentication protocol upon digital transaction with at least one of the following authentication types:
- Something the customer knows (e.g. Given PIN code or password)
- Something the customer has (e.g. SMS sent to Phone or hardware token)
- Something the customer is (e.g Fingerprint or face recognition)
Banks will include some type of extra authentication (like the ones above) to most digital transactions in order to comply with SCA. The extra authentication is set up, controlled and approved by your Bank, not by Uber.
Starting September the 14th, Banks will decline transactions that fail to be authenticated. If you would like to inform yourself about Strong Customer Authentication regulations and requirements, they are set out in the European Banking Authority and European Commission.
SCA - and the authentication protocol that comes with it - is subject to all transactions made with payment methods issued in the European Economic Area (EEA), and transactions made with them in and outside the EEA.
We expect Strong Customer Authentication regulation to be enforced in the UK, regardless of the outcome of Brexit.
HOW DO I AUTHENTICATE A TRANSACTION?
Currently, the most common way to authenticate an online transaction involves an extra step upon order, where the cardholder is prompted - by their bank - to provide supplementary information to complete a transaction (e.g. a given password, a code via SMS or a fingerprint confirmation).
DO I NEED TO AUTHENTICATE EVERY TIME I REQUEST A TRIP?
It will depend on the transaction amount/frequence and your bank's authentication policy.
WHY DO I NEED TO AUTHENTICATE MY TRANSACTION?
Authenticating your transactions (if applicable) will reduce the risk of fraud or other types of abuse. Each time you initiate a digital transaction, your bank might ask you to authenticate in order to confirm the eligibility. Please note that not all transactions will need to be authenticated, to know more about when and why extra authentication is required, reach out your bank.
HOW DO I KNOW THIS IS SECURE?
The authentication will be carried and secured by your bank. The authentication process and type of authentication (if is SMS or fingerprint) is not decided nor owned by Uber, so if you have any questions regarding security, contact your bank directly.
I ALREADY HAVE 2 STEP VERIFICATION SET UP ON MY UBER ACCOUNT, WHY DO I NEED A 2 FACTOR AUTHENTICATION?
Uber's 2 step verification is an optional feature that adds an additional layer of security to your Uber account upon log in. It will ask you to input a one time authentication code in addition to your Uber account password.
Strong Customer authentication is a non-optional, authentication protocol, aiming to provide an extra layer of security, specifically to your digital transactions.
DO I NEED TO AUTHENTICATE EVERY TIME I CLEAR MY ARREARS?
Yes, whenever a new digital transaction is initiated, you might be asked to authenticate it.
ARE THERE ANY EXEMPTIONS FOR STRONG CUSTOMER AUTHENTICATION?
Under this new regulation, specific types of low-risk payments may be excused from Strong Customer Authentication. Upon transaction, your bank will evaluate the risk level of the transaction, and ultimately decide whether to approve the exemption or whether authentication is still necessary.
Note: Other digital payments such as PayPal, Apple Pay or Google Pay digital wallets won't be subject to Strong Customer Authentication protocols.