New regulation means more authentication
Beginning 14 September 2019, a key part of the EU Revised Payment Service Directive (PSD2) is coming into effect. Its focus on security means all card issuers will need to verify your identity more often when you shop online, in-store with contactless and when you access your Online Account.
How it will work for you
The new regulation requires you to authenticate yourself more often when you are shopping online, in-store or accessing your Online Account.
Please check your contact details are up-to-date, in case we need to send you a verification request so we know it's you who's making the purchase.
You’ll see more of SafeKey®
SafeKey will appear more often during the checkout stage.
SafeKey helps protect you against fraud while shopping online by confirming it's really you making the purchase. You will also receive verification requests by text, email or push notification more often, as you complete your online payments.
So now’s a good time to confirm your contact details are up to date.
Express List gives you more control over security
Your Express List is a personalised list of American Express approved merchants you’ve recently shopped at during your online checkout. By selecting merchants, you won’t need to receive verification codes when you shop there, unless we need to confirm it's you making the purchase.
Setting up your Express List
You will see Express List during your online shopping journey. Watch this video to learn how to set it up.
Contactless Card: You may see more Chip and PIN
Most of the time you will be able to use your contactless Card as usual. However, you may sometimes be asked to enter your PIN. On these occasions, the terminal will ask you to place your Card into the card reader and enter your PIN.
Contactless is a secure way to pay. Our security systems work in the background checking your purchase against your previous buying patterns and thousands of other patterns, looking for irregularities that might signal fraud. If we suspect a problem, our team will contact you by call, text or email to check it was you making the purchase.
If you’ve forgotten your Card PIN, you can see it online.
Contactless Mobile Payments
No changes or additional steps are required when making a contactless payment using your mobile wallet including; Amex Pay, Apple Pay, Google Pay or Samsung Pay as strong authentication is already in place for relevant purchases.
To learn more about mobile payments security, click here
*You still will be able to use your Card and mobile wallet as usual on the underground.
Changes to your online Account access
We’re adding an additional layer of security to your online account to make sure the person logging in is really you.
Here’s what you’ll see:
- Log in normally with your User ID and password or biometrics
- Enter the verification code we send to you
- Tell us whether we should Remember This Device in the future
Choosing Remember This Device helps speed up your log in experience without compromising on security. Our systems are working in the background 24/7 to ensure your Online Account is secure.
If you’d rather enter verification codes as part of your log in journey, you can skip the Remember This Device step.
You can manage your remembered device setting at any time on americanexpress.com or via the Amex App.
Forgotten your online User ID or password? Easily reset them here.
Frequently Asked Questions
Two-Step verification is an enhanced security check for Account login.
Step One: We verify your username and password or biometrics.
Step Two: We verify that you are logging in from a device we trust by sending you a verification code. We'll send a verification code any time you log in using a device we don't recognize. You can tell us to Remember This Device and we won’t send verification codes when you log in from that device in the future.
We recommend setting up any device which you regularly use to log into your Online Account or the American Express® App. You can choose to set up more than one trusted device e.g. your mobile phone, your personal laptop, your tablet. You should not enable Remember This Device on shared devices or public computers.
We’ll send a verification code if we ever need to re-verify your device, for example if you clear your cache and cookies or happen to delete and reinstall the Amex App. You’ll see these requests more often if you login via the web.
The verification code we send is unique to you alone. This means that when you enter this code on your device, we can be confident that it’s really you who is making the request to Remember This Device. Our systems capture this information so next time you login on the same device we’ll know that we can trust it.
Yes. Our security systems will be running in the background as usual, so we’ll always perform additional checks if needed.
It’s important that we have your up to date contact details on file. You can check and update your details at anytime by logging into your Online Account. If you have any issues, then please call the number on the back of your Card and we’ll be able to update your details.
Security and convenience
We're making sure the way we authenticate you maintains our high security standards and is also less hassle for you.
Our existing security systems
We use sophisticated technology to help keep your Account safe. We've made big investments in the advanced machine learning that powers our intelligent security systems. This means we're confident it's you making the purchase, even when you're using contactless or shopping online. If we suspect a problem, our team will contact you by call, text or email to check it was you making the purchase. The complex algorithms we use are built using data from millions of payments. We check your purchase against your previous buying patterns and thousands of other patterns, looking for irregularities that might signal fraud.
And unlike most other Card companies, we both supply the Card and process the payment, making us uniquely well-placed to spot any unusual activity and solve problems faster.