Online Payments: most important rules

Last updated on 22-09-21.

Paying for purchases online is now quite commonplace, although not without risk. The European legislator has imposed a number of measures in order to provide better protection for consumers who pay online, as explained below.

Mandatory two-factor authentication

Belgium has maintained a secure online payment system for some time now based on rigorous customer authentication. Main objective? To combat fraudulent internet transactions. Merely entering the long number on your bank card when paying online on a Belgian website is no longer enough. This type of transaction requires double authentication. A European directive, PSD II, now aims to introduce this system throughout the EU. Unfortunately, some member states are lagging behind with the implementation of this measure.

What is two-factor authentication?

To make online payments more secure you must confirm your payment twice, by entering two separate factors:

  • an element known only to you (e.g. your secret code);
  • an element that that only you have access to (e.g. a smart phone or card reader);
  • an element that personally identifies you (e.g. your fingerprint or facial recognition).

This additional security feature is sometimes also referred to as, for example, two-step authentication, two-stage authentication or multi-factor authentication.


Although banks are obliged to activate the two-factor authentication system for their customers, in some cases this type of rigorous identity authentication is not required. However, these exceptions are not always straightforward. The following payments are sometimes exempt from two-factor authentication:

  • payments involving small amounts of money: the value may vary from country to country, but is on average 30 euro
  • low-risk payments
  • payments to a trusted beneficiary
  • recurring payments

Good to know: rigorous identity authentication does not apply to payments to or from a non-European bank, irrespective of, for example, the value, repetition or risk level of the transaction in question.

Ban on additional charges

Are you paying electronically (by bank card)? Merchants are not allowed to impose additional charges, regardless of whether the payment is made online or in-store.

Sellers are free to decide which payment methods (e.g. bank card, credit card, bank transfer) they do or don’t accept.

When making a payment on the internet it is advisable to use a credit card or payment system such as PayPal. In the event of a dispute, you will be able to contest the payment and obtain a refund subject to certain conditions. Here’s how to do this when paying with a credit card.

If you require further information on this ban please visit the FPS Economy website (available in Dutch and French).

Excess if your bank card is used fraudulently

If you noticed that money was withdrawn from your account without your consent following, for example, theft of your bank card or fraudulent practices on the internet, you are entitled to lodge a complaint. In the event of fraudulent transactions without your specific consent, the bank must reimburse any misappropriated amounts. It is entitled, however, to deduct a 50 euro excess. Find out more about your rights.

Good to know: Has a fraudster used your card to make a contactless payment, i.e. without entering the PIN number? If so, the bank has to cover any loss including the excess.