The scam of unauthorized charges on the PostePay card it would be attributable to some exhibitors operating outside Europe and do not adopt the authentication standard required by European legislation on payment systems. However, these transactions can be contested by the user, who can then ask for the re-credit of the stolen sum.
According to what was explained by Poste, the phenomenon would have affected 0.5% of the cards operating online and the company is proceeding to charge back the amounts unauthorized transactions to the various merchants, then crediting the sums to the customers involved.
Over the past few weeks, many people have raised the alarm, reporting on Facebook and Twitter that their card balances had been eroded by repeated microtransactions worth around 4 euros, charges relating to purchases on Google Play never made by PostePay holders: “Guys what is happening, 4.31 euros have disappeared. The card is a Google Play payment in dollars, I have not set up any card on Google Play “, is the comment published on October 26 last in the reviews page of the prepaid card app of Poste Italiane on the Play Store. Unauthorized payments that some people have reported on Twitter also last September: “I found payment transactions that I was not aware of on my PostePay, made on the same day on behalf of Google Play”.
The case
Unauthorized charges from the Play Store, what happens on the PostePay card?
by Marco Cimminella
What happened and what is the PSD2 standard
Poste explained that the problem would be due to some merchants who operate outside the European borders without adopting the authentication standard required by the European directive of payment systems PSD2. A conduct that has prevented the PostePay system, regardless of its will, from applying the Strong Authentication methods for verifying the identity of the person requesting the operation: effective and recognized contrast measures that are normally adopted by Poste Italiane. The legislation introduces, as a security measure, a procedure that allows the validation of the user’s identification on the basis of two or more independent authentication elements between them (such as: password, pin, key / token, smartphone, fingerprint or other biometric data). A procedure that is preparatory for online payments and also provides for the creation of a unique code which, for each operation, links the amount and the beneficiary.
The problem of charges also involved other financial operators, explained by Poste, noting that “it seems more relevant for PostePay in consideration of the significant market share”. More specifically, the company has clarified that “PostePay has over 30% of the market share of online payments in Italy “and that the phenomenon affected only” 0.5% of cards operating online “.
Since these transactions do not comply with the security standards set by the PSD2, they can be contested by the customer who is re-credited, resulting in compensation against the merchants from which the payment originated unauthorized, “all in accordance with the provisions of the rules of international payment circuits”. From Poste they reiterated that they had applied more stringent counter measures to the point of completely inhibiting operations on non-European merchants who have not adopted the standards required by the PSD2 regulation. In any case, the advice is to check the movements on the card and in case of irregularities inform Poste with the form made available on the site.
.