Gbit and PSD2

Trying to move a transaction from one card to another but failed because, as per my bank email:

From January 1, 2021, this legislation requires for certain types of online transactions, including the one performed by you, that payment be made through enhanced customer authentication by inserting two recognition factors.
We understand that the merchant with whom you made the transaction did not request such authentication. Therefore, to protect your safety and comply with the law, it was not possible for us to authorize the payment.

Does Curve have plans to address the situation? Otherwise GBIT will probably be useless eventually.

If your bank would implement this consistently then also using their card directly as underlying card on a Curve card transaction would require enhanced customer authentication (“for certain types of transactions”).
Because a direct transaction with your Curve card (even at a physical shop) is for your underlying card just as online as a GBiT transaction.
Are you still able to use this card directly as underlying card on Curve (“for this type of transaction”)?

On both occasions (direct and GBiT) I think a bank is wrong in asking for enhanced customer authentication.

I moved a few transactions to this card without problems but afaik was never asked for psd2 auth on the original transactions.

You would not have been asked during the original transaction, because Curve is not offering this.
The 3DS Curve is offering on some online transactions is 3DS for the Curve card, not for your underlying card. What your bank wants is for Curve to use the 3DS of your bank (!) when doing a GBiT transaction.
So because Curve is not offering this option (not on original transactions, nor on GBiT transactions) the transaction would be rejected (and only by informing at your bank afterwards, the reason would be made clear to you).

Was this after January 1 2021? If so, in which way differed the rejected transaction from the previous successful ones? Trying to find out what your bank means with:

I’ll try to explain better.

Transaction 1 (online shopping on amazon), no 3ds auth requested, moved without problems from card A to card B

Transactions 2 and 3 (online shopping on quadlock website), no 3ds auth requested afaik, moved without problems from card A to card B

Transaction 4 (online shopping on Google Store), 3ds auth via sms code, can’t move it with GBIT

Thank you for the clarification.

When doing GBiT (also on the original transaction by the way) for your bank Curve is the merchant.
When the 3DS auth on the original transaction was performed Google Store is the merchant and the 3DS authentication that is performed is the 3DS authentication of your Curve card, not the 3DS authentication of the underlying bank card. So when your bank states this:

Your bank expects Curve as a merchant to enable the 3DS auth of your bank (card). That is why I wouldn’t be surprised that if you would have used the card of this bank as an underlying card on the original transaction it also would have been rejected. Just like what used to happen here and is still happening here.

Either way in my opinion the interpretation of the PSD2 legislation by this bank is faulty (as you can read here the Hungarian central bank agrees with me :blush:). And if it is only affecting GBiT transactions I would be very surprised if the underlying cards of other banks are also affected.

2 Likes