Making PIN-less contactless debit card payments for small purchases is very convenient, but it carries a tiny risk – losing your card and not realizing it until someone already found it and wrecked some charges.
Lost or stolen card fraud in the UK alone has seen a tremendous increase in the last years. According to ukfinance.org, the primary representative body of the UK payments industry, there are approximately 430,000 card accounts defrauded in 2018, which is a 24% increase compared to 2017.
Fraud trends are similar across the continent. This progressive increase has motivated many countries to join a synchronized effort and enable new European Economic Area regulations that aim to protect us.
The new rules came into force in the middle of September 2019. This established a limit on how many contactless payments you can make with VISA or Mastercard before you need to verify the transaction with PIN.
In practice, this means you will be asked to enter your PIN more often.
Payment institutions are shifting to Strong Customer Authentication
This continent-wide security upgrade is extremely valuable for clients of banks that do not provide real-time notifications. Payment institutions with legacy systems leave their clients vulnerable to this type of risk. The hassle of getting stolen money back is highly frustrating, sometimes critical.
The new regulation is guided by a very simple assumption: If someone stole or found your card, it’s highly unlikely that they will also know your PIN.
What to expect when paying contactless?
You will be asked to enter your PIN when:
- You make a single contactless card transaction above 50.00 EUR
- You make consecutive PIN-less, contactless purchases exceeding 150.00 Euro in total
- You make five consecutive contactless purchases, and each of them is below 50.00 Euro
Keep in mind that if your 6th consecutive transaction is also under 50.00 Euro, the POS device may ask you to enter the card’s PIN. If the POS device does not have the latest software update, your transaction may be declined. Then you will need to make a new one using your chip and PIN to reset the counter.
If your contactless card transaction is above 50.00 Euro, you will have to enter your PIN, and the counter will reset.
Remember – any time you make a contactless transaction which prompts you to enter your card’s PIN, the counter will reset.
Will mobile payments also need a PIN?
No. These transactions will not be counted towards the contactless limit of your card.
The is the way to avoid being slowed down by declined transactions.
Paying with your phone is considered more secure than a card payment due to the way you authenticate each transaction.
This brings the topic of:
What we covered above is part of the new industry standards called SCA, or Strong Customer Authentication.
This new standard relies on 3 personal characteristics that can identify each user as a way to avoid fraud and money losses.
SCA requires that you identify by providing at least 2 of the following:
- Something you know
- Something you have
- Something you are
When you pay with Chip and PIN, you have the card and you know your PIN. The transaction completes successfully.
With phone payments, you have the phone and you are uniquely identified with your fingerprint or you know your passcode.
Just tapping with your contactless card satisfies only 1 of the 3 requirements – you have the card. This is why you will need to confirm every 6th contactless transaction, under 30.00 Euro, with a PIN.
iCard and the regulators care for your convenience and security
The widespread adoption of contactless debit cards was driven by the speed and convenience factors. People enjoyed this a lot even with the risk of someone else finding and tapping your lost card.
These new protective measures may seem not-so-convenient, but both iCard and the regulators see your security as our top priority.
Enjoy your payments with iCard even more with the latest upgrade for your money.