Portugal will be enforcing two-factor security requirements as of 2021 to protect consumers when making online purchases. The country’s banks will have to be set up by the end of 2020 to enable such transactions in order to be in line with changes to EU payment directives. Authentication will be required through two of three elements linked to the user, including a password, a mobile phone or other device and or a biometric such as a fingerprint.
Credit card numbers, their expiration dates or security codes will no longer be considered as authenticators as they are too easily appropriated by unauthorized persons. The assessment of compliance with these new rules will be the responsibility of EBA, the European Banking Authority, and Banco de Portugal.
