More authentication keeps your Account secure
To keep your account even more secure, we’ve introduced additional layers of security.
When you shop online, instore with contactless and when you access your Online Account you may need to verify yourself more often.
So you can receive verification codes and verify yourself, check your mobile number is up to date and download the American Express® App and enable ‘push notifications’.
Why the change?
The EU Revised Payment Service Directive (PSD2) is a regulation that focuses on increased security checks to protect you from fraud. This means all Card issuers and banks need to verify your identity more often when you shop online, instore with contactless and when you access your Online Account.
You'll see more of SafeKey®
You may need to verify your identity more often
We will send you verification codes via email, SMS or App push notification. To ensure you can receive verification codes, check that your contact details are up to date. To receive App push notifications, download the Amex App and enable ‘push notifications’ in your device settings.
You may need to enter part of your Card PIN
Occasionally we may need to ask for more than one piece of information, in those cases we will need you to enter part of your Card PIN. This is the same PIN that you use in-store. You can view your Card PIN in your Online Account.
Frequently Asked Questions
PIN
Your Card PIN is a Personal Identification Number which helps us to verify your identity when using your Card. It’s made up of four digits and is uniquely bound to your Card; it acts as a passcode to help prevent fraud.
You can view or change your Card PIN in your Online Account.
To view your PIN:
- Log in using your username and password. Once logged in, click on the 'Account Management' tab.
- Click on 'View PIN', you'll then be asked some security questions. Please answer and follow the steps as prompted on screen.
To change your PIN:
- Log in using your username and password. Once logged in, click on the 'Account Management' tab.
- Click on ‘Change PIN’, you'll then be asked some security questions. Please answer and follow the steps as
prompted on screen.
Or you can view or change your Card PIN through the Amex App. Click on the ‘Account’ tab within the Amex App, select 'Manage Card PIN' and follow the prompts to view or change your PIN.
European legislation (the Payment Services Directive, known as ‘PSD2’) requires payment providers to perform additional authentication when you check out online to help prevent fraud. Certain transactions require stronger authentication such as asking for additional information to help verify your identity. Your Card’s Personal Identification Number (PIN) helps us to ensure it’s really you who is using your Card online as only you know your PIN. You will never be asked to enter your full PIN online.
Yes. You won’t ever be asked to enter the full four digits during online checkout and will only be asked for it in SafeKey with the digits hidden once you have entered them. Your PIN will be encrypted in SafeKey when it is sent for verification.
You can unlock your PIN in your Online Account.
Log in to your Online Account, click on the ‘Account Management’ tab and then ‘View PIN’. An alert will appear to unlock your PIN. Follow the prompts to unlock your PIN. You can also change it to something more memorable in your Online Account.
Or you can unlock your PIN in your Amex App.
Log in to your Amex App, click on ‘Manage Card PIN’. An alert will appear to unlock your PIN. Follow the prompts to unlock your PIN.
We won’t ask for part of your Card PIN every time you shop online, only when we need to perform an additional security check.
Add online sites to your Express List in your Online Account
Adding online sites to your Express List means you won’t have to verify yourself unless we need to check it’s really you who is making the purchase. You can set up your Express List in your Online Account:
- Log in using your username and password. Once logged in, click on the 'Account Management' section.
- Click on ‘Manage Express List’.
- You’ll be shown a list of online sites you have shopped at using your American Express® Card. Click ‘Add’ to add them to your Express List.
Download the Amex App
If you prefer not to enter your Card PIN and verification code, you can download the Amex App and enable push notifications in your device settings.
How to enable push notifications:
iPhone users: Head to the Amex App and select ‘Device Settings’, then select ‘Notifications’, then ‘Amex UK’ and finally select ‘Allow Notifications’.
Android users: Head to the Amex App and select ‘Device Settings’, then select ‘Apps/Applications Manager’, then ‘Amex UK’ and finally select ‘Show Notifications’.
When you check out online we will then ask you to verify your identify by sending you an App push notification to confirm your purchase. Sometimes you may need to also log in to the Amex App to do this.
If you changed your PIN in your Online Account you can immediately start using your new PIN when shopping online.
The next time you use your PIN in-store you will need to use your old PIN once before you can start using your new PIN. This is so that your new PIN can be sent to the Chip in your Card at the terminal.
Legitimate websites will never ask for your full PIN. Additionally, you will never be asked by email or over the phone to provide your PIN. If you receive an email
requesting your PIN, you can forward the message to UKEmailFraud@americanexpress.com.
If you have provided your PIN in full to an unknown person or an unknown company, you should change your PIN immediately using the method described above. You can also request a replacement Card by calling us on the number on the back of your Card.
SafeKey
A new legislation, the EU’s Second Payment Services Directive (PSD2) requires all Card issuers to perform Strong Customer Authentication (SCA) to payments made online. SCA is a two-factor authentication process designed to add an extra layer of security when you make an electronic payment. These rules mean that from 25 August 2020 we are required to apply them for relevant online payments. If your transaction meets the requirement for additional authentication checks and the merchant had not enabled SafeKey then the regulation mandates that we decline the transaction.
SafeKey is the American Express online verification service. Many thousands of merchants have already enabled SafeKey. Some, but not all, may display the SafeKey logo. If you want to check if a specific merchant has enabled SafeKey you should contact them directly.
Some sites may not be technically ready to add SafeKey to their online checkout journey. Please contact the merchant directly if you have any questions about their checkout journey.
The EU regulation requires that American Express apply Strong Customer Authentication (SCA) for online payment transactions. SafeKey is the American Express online verification system helping us to ensure that the person making the transaction is who they say they are.
If your transaction meets the requirement for additional authentication checks and the merchant had not enabled SafeKey then the regulation mandates that we decline the transaction.
We may also have to decline your transaction if we suspect fraudulent activity on your Card or we are unable to verify your identity. If this is the case we’ll usually be in touch straight away via email, SMS or telephone.
The new authentication rules will apply when you shop online at merchants located within the EEA. Some European Economic Area (EEA) countries may follow a slightly different schedule in the implementation of these rules, so you may have a different experience depending on where the online site is located.
Express List keeps your online checkout safe and simple
Your Express List helps you save time checking out
safely for the things you love.
It’s a personalised list of websites you’ve shopped at online. You can add websites onto your Express List, so next time you shop at those websites, you won’t have to verify yourself unless we need to check it’s you.
Managing your Express List
You can manage your Express List in your Online Account or in SafeKey when you are shopping online. Watch this video to learn how to manage it.
Contactless Card: You may see more Chip and PIN
Most of the time you will be able to use your contactless Card as usual. However, you may sometimes be asked to enter your PIN. On these occasions, the terminal will ask you to place your Card into the card reader and enter your PIN.
Contactless is a secure way to pay. Our security systems work in the background checking your purchase against your previous buying patterns and thousands of other patterns, looking for irregularities that might signal fraud. If we suspect a problem, our team will contact you by call, text or email to check it was you making the purchase.
If you’ve forgotten your Card PIN, you can see it online.
Contactless Mobile Payments
No changes or additional steps are required when making a contactless payment using your mobile wallet including; Amex Pay, Apple Pay, Google Pay or Samsung Pay as strong authentication is already in place for relevant purchases.
To learn more about mobile payments security, click here
*You still will be able to use your Card and mobile wallet as usual on the underground.
We added an additional layer of security to your Online Account to make sure the person logging in is really you.
Here’s what you’ll see:
- Log in normally with your username and password or biometrics
- Enter the verification code we send to you
- Tell us whether we should Remember This Device in the future
Choosing Remember This Device helps speed up your log in experience without compromising on security. Our systems are working in the background 24/7 to ensure your Online Account is secure.
If you’d rather enter verification codes as part of your log in journey, you can skip the Remember This Device step.
You can manage your remembered device setting at any time on americanexpress.com or via the American Express® App.
Frequently Asked Questions
Two-Step verification is an enhanced security check for Account login.
Step One: We verify your username and password or biometrics.
Step Two: We verify that you are logging in from a device we trust by sending you a verification code. We'll send a verification code any time you log in using a device we don't recognize. You can tell us to Remember This Device and we won’t send verification codes when you log in from that device in the future.
We recommend setting up any device which you regularly use to log into your Online Account or the Amex App. You can choose to set up more than one trusted device e.g. your mobile phone, your personal laptop, your tablet. You should not enable Remember This Device on shared devices or public computers.
We’ll send a verification code if we ever need to re-verify your device, for example if you clear your cache and cookies or happen to delete and reinstall the Amex App. You’ll see these requests more often if you login via the web.
The verification code we send is unique to you alone. This means that when you enter this code on your device, we can be confident that it’s really you who is making the request to Remember This Device. Our systems capture this information so next time you login on the same device we’ll know that we can trust it.
Yes. Our security systems will be running in the background as usual, so we’ll always perform additional checks if needed.
It’s important that we have your up to date contact details on file. You can check and update your details at anytime by logging into your Online Account. If you have any issues, then please call the number on the back of your Card and we’ll be able to update your details.
Security and convenience
We're making sure the way we authenticate you maintains our high security standards and is also less hassle for you.
Our existing security systems
We use sophisticated technology to help keep your Account safe. We've made big investments in the advanced machine learning that powers our intelligent security systems. This means we're confident it's you making the purchase, even when you're using contactless or shopping online. If we suspect a problem, our team will contact you by call, text or email to check it was you making the purchase. The complex algorithms we use are built using data from millions of payments. We check your purchase against your previous buying patterns and thousand of other patterns, looking for irregularities that might signal fraud.
And unlike most other Card companies, we both supply the Card and process the payment, making us uniquely well-placed to spot any unusual activity and solve problems faster.