Contactless payment declined? You might just need to enter your PIN

New rules affecting all the banks are being introduced that should make our banking more secure. But the extra steps you’ll need to take could be a bit of a pain.

You might have had a letter or text from your bank about some new anti-fraud measures. It probably says there will be changes to how you log on (here’s my letter from First Direct). You might have glanced at it, but you probably didn’t think much of it. I’ll get on to what this could mean for you in a bit.

And it’s just one change coming your way. As part of the Strong Customer Authentication (SCA) measures you could also barriers to spending in shops and online – the biggest concerns contactless payments.

Contactless payment change

If you’re out shopping you could now find that your debit and credit cards are declined. And that’s not because you’re out of money.

One of the new rules limits how many times a card an be used without some kind of authorisation. Already we have to use our PIN for transactions over £30, but you could also now find that you are asked for a PIN when using contactless.

After five contactless payments have been made, or £135 (though some banks might lower this amount), you’ll need to insert your card and enter your PIN. Which is fine if you remember this. But if you don’t, you won’t get a nudge. Instead, you’ll simply see your purchase declined.

So if you don’t recall whether it’s use number five or six, then this could cause confusion and embarrassment. Of course once we get used to this, it’ll be like those GDPR pop-ups on websites and just be normal. But for now I can imagine it’ll cause all sorts of problems. So spread the word!

Not everything will be rejected though. For example, you’ll still be able to tap and pay on public transport, such as the London Underground and buses, and things like parking meters.

And there is a weird workaround for this. The limit doesn’t apply when using the digital wallet on your phone, and that’s because you’ll be using fingerprint or face approval.

Other changes

The SCA changes were all meant to come into play from the 14th September 2019 – but as so many banks weren’t ready the deadline has been moved until March 2021. Even so, some banks are implementing the extra security measures now.

In essence, every transaction needs to have two forms of authorisation from three choices. The first is your PIN or password. The second is a device, such as a card reader, and the third is using something like fingerprint or voice recognition.

In most cases it means you really should download and set up your banking app if you haven’t done this yet. Without it you might struggle to get into your accounts or make payments.

The exceptions include subscriptions, direct debits and standing orders, which only need authorisation once, and the first five contactless payments.

Here are some of the things to expect between now and March 2021.

Online transactions

You’ll no longer be able to just enter your card details and click pay online. An extra step will now be added by all banks. In most cases it’ll be in the form of a one-time passcode (OTP) that is texted to you when you try to use your card.

Some banks have been doing this for a while, and in my experience, it’s proven pretty quick and easy to complete a transaction. Of course, you do need some mobile phone signal, but if you’re online to shop, then you can connect your phone too.

Logging onto banking sites

There’s a good chance you’ll also need to use a code generated by a card reader, your mobile banking app or input a code you are texted in order to log into your bank account online.

If you already do this, then there’s no change. But other banks will start to ask you to do this. 

Since I’ve got so many different bank accounts, I’m used to different log in processes, and using the card reader has always frustrated me, but for the sake of security, it’s no doubt worth the hassle.

It’s not clear how this affects banking apps as not everyone will have a device that allows for fingerprint and face recognition. I assume a one-time password will be texted to your handset to get you in.


Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.