Looking for card that in online payment requires no two factors auth

Not sure starting when, all my card requires two factor authentication when paying online. Either a press on the phone and receives an sms. The list includes wise, revolut, credit suisse, post finance. This annoys me from time to time. I guess this is due to some new security regulations? I wonder if there is a hidden setting where I can turn it off or other card that doesn’t require such security features.

Yes of course.

I don’t think so. Second factor authentication becomes a minimum standard these days. Already 10 years ago there were web sites that didn’t accept credit cards without 2FA. And I think it’s good and worth an extra effort.

too bad…i don’t like taking out my phone when shopping with my computer

Well, my credit card was used once by someone else to do some online shopping. I have no idea how did it happen and why all those 2FA procedures didn’t work. I have not lost money, but the handling of this situation took time and efforts that would be enough to approve few thousand transactions.

That’s why for example I am happy to use single use virtual cards and to create dedicated virtual cards for different platforms, both with Revolut.

1 Like

Trading a bit of convenience for a lot of safety - I’d say it’s worth it.


As a side note: when shopping on a Mac (with M1 chip or later, if I am not mistaken) you can approve all Apple Pay transactions using the built-in Touch ID. No phone required.

ironically, most platforms can charge me via card per month on subscriptions without any kind of interaction with me, but when I actually want to spend money using card, I need to pull out my phone T_T

1 Like

hmm, i am using m1 chip macbook pro but i don’t own an iphone. Never used apple pay before as I assume it is an iphone only thing.

Given all these information, is there a way for me to use touch id when shopping?

1 Like


1 Like

There’s other two-factor authentication methods that do not require a phone. I would also not be surprised if some limited-value prepaid card didn’t require it. I don’t think you’ll find a more convenient card/account setup though.

Only works at merchants / payment processors that support Apple Pay though, I suppose?

I view at as trading a lot of convenience for close to zero added safety and totally worthless to me. hahah

That’s correct. According to Apple’s documentation about 14 Payment Service Providers active in Switzerland support Apple Pay for apps and websites.

Out of the 7 largest payment service providers for Swiss online shops listed by EAER/WBF only 2 are on Apple’s list. Thus, indeed you do not find many large companies websites with the Apple Pay option.

It is however fairly common on the small e-commerce websites which are built on e-commerce platforms such as Shopify which support Apple Pay.


“3D Secure” feature (3DS, or the “two factor auth” as you call it) - is a security feature that merchants (!) CHOOSE TO require for their online transactions. I.e. it’s not enforced by your bank/card, but rather is an option for the sellers to “enhance” the safety of transactions for themselves (e.g. it will be very difficult for YOU to dispute something that was approved via 3DS), so basically by using 3DS - merchants first protect themselves from fraud (and only after that - “your protection” comes into play, despite how everyone advertises it as if it was for your security, which is only secondary).

You may have noticed how Amazon is one of those merchants that does NOT require 3DS. There are more out there, but it becomes rare for obvious reasons.

While this works great most of the time - there’s another “unfortunate” remark about this too: it all depends on the “charge method”, i.e. there are ways for merchant to charge such virtual card that was deactivated, and then Revolut will comply, and let them charge it, even allowing your account go negative.

1 Like

It is (in principle) enforced by your bank/card. And there’s little practical choice, at least in Europe.

“Member states Member States shall ensure that a payment service provider applies strong customer authentication where the payer (…) initiates an electronic payment transaction (or) carries out any action through a remote channel which may imply a risk of payment fraud or other abuses.”, according to the EU’s revised Payment Service Directive.

Now, in order to enforce that, your bank or card issuer of course has to depend on the payee as well, i.e. the merchant (online store) and its payment services provider implementing strong customer authentication. Well, the same directive accounts for that too: Failure to do so results in a shift of liability to the payee and its PSP.

While Amazon, due to their sheer size and, possibly, own fraud protection mechanisms, may have chosen to bear that liability themselves - or even get away with its PSP bearing it, most normal business won’t.

I wouldn’t be surprised if an acquirer just showed other merchants the door, or make acceptance unfeasibly expensive, when that merchant declines to implement strong customer authentication on its side.

While it may not be a requirement within Switzerland, this is of course another European regulation that will also, peripherally, affect Switzerland due to its close proximity and economic interconnectedness (Liechtenstein and all other neighbouring countries are in geographical scope).