Alerte phishinghttps://www.bil.com/en/Lists/BILInternetAlerts/DispForm.aspx?ID=7Alerte phishingBeware of fraudulent emails and SMS<br><a href="/static/BILnet/phishing/index-en.html">Find out more</a> 7

6/30/2020

LuxTrust: An online shopping innovation

VISA or Mastercard credit card users currently validate most of their online purchases using 3D Secure technology. To confirm their payment, they must enter a code which is either sent by SMS or generated by their LuxTrust Token. If the validation by SMS does not change, the validation with the Token, however, will benefit from two new features from June 30.

The LuxTrust Mobile application to validate online purchases˟

Consumers who use their Token and who have the LuxTrust Mobile application will now be able to choose to use it to validate their online purchases. In this way, they will no longer be blocked if they do not have their Token to hand.

The generalised secret image for the LuxTrust Token˟˟

For users who wish to continue using their classic token, 3D Secure will in turn integrate a “secret image” into authentication. This image will systematically appear when the single-use code is entered to validate their purchases. To recall, this is the same image which is displayed when a user currently performs a banking transaction via his online bank.

If the user does not see or recognise this image, it is a sign that the site is fraudulent. The user is certainly being “phished” in an attempt to obtain his data. The user should immediately stop the transaction and contact LuxTrust or his bank to report it.

A first step before the generalised appearance of 3D Secure authentication in 2021

These innovations are the result of the market's adaptation to comply with the European Payment Services Directive (PSD2). The aim is further to enhance the security of online transactions and to reduce the fraudulent use of credit cards on the Internet. From 1 January 2021, the majority of European merchant sites will require consumers to authenticate payments with 3D Secure when shopping online.

A reminder from banking operators regarding consumer security

Following recent “phishing” attempts imitating their own communications, Luxembourg banks and LuxTrust have issued a reminder that they will not send any communication asking users to authenticate themselves or to link their LuxTrust account to 3D Secure.

In order to protect their personal data, consumers are invited to follow a few simple recommendations:

  • Do not answer emails or SMS messages inviting you to click on a link as a matter of urgency.
  • Never give your account number, credit card number, LuxTrust identifiers or other personal data.
  • Do not open messages from a sender not known to you.
  • If you are in any doubt, cancel the transaction and contact your bank or LuxTrust directly.

˟ The LuxTrust Mobile option will be available in October for Bank of Luxembourg customers.
˟˟ The secret image does not apply for the LuxTrust Scan users.