PSD2 SCA compliance - PIN required for some contactless transactions

2019-09-12

From 14th September, you might occasionally see the following message when you accept a contactless (NFC) payment using your CabCard terminal:

Transaction declined: PIN required

When you see this message:

  • ask your customer to try the transaction again using the same card, but instead of using contactless, ask them to use Chip & PIN.
  • If your customer is using a mobile phone or other device (such as a smart watch) to make the payment (for example, using Google Pay or Apple Pay), they need to authenticate themselves on their device. This usually means they should enter their passcode, or use their fingerprint.

Why is this happening?

This change is due to a new regulation called the Payment Service Directive II (commonly called PSD2), a European law that’s being ushered in at all UK banks to improve the security of payments and prevent fraud (and yes, it will definitely still be in force after Brexit!).

A part of PSD2 is called Strong Customer Authentication (SCA), which is a new measure to make contactless payments more secure. It means that customers will have to enter a PIN a little more regularly than before.

Most banks will now ask customers to enter their PIN:

  • after making five contactless payments in a row, or
  • after their contactless payments have totalled £135

It doesn’t mean there’s anything wrong with the customer’s card or account. The customer’s bank uses this measure to check that the person using the card is authorised to use it.

Customers will still be asked to enter their PIN for card transactions of more than £30.

What if I need help?

If you have any questions about SCA, don’t hesitate to contact CabCard’s friendly UK support team.