PSD2 - Strong Customer Authentication (SCA)
Risk of unexpected declines of contactless bank cards after 14th September
14th of September is the deadline for the implementation of Strong Customer Authentication (SCA) for debit and credit card transactions. This is part of the Second Payment Services Directive (PSD2) about which we have previously written to you. While delays have been agreed for certain aspects of SCA under current provisions Cardholders will still need to input their PIN either after every five contactless transactions or if the total value of contactless transactions exceeds 150 euro since they last used a PIN from the 14th of September.
The payment terminal should prompt the cardholder to enter their PIN when needed but it’s possible that some contactless bankcards may generate a “transaction rejected, use another reader or card” message instead. We don’t know how often this will happen as it depends on whether any particular issuer has updated their cards for the new rules.
Our advice to you is not to worry because there is a solution you can use to address this situation and the cardholder can still pay with their card by following this simple procedure. If the terminal shows the “transaction rejected, use another card or reader” message, just ask the cardholder to insert the same contactless bank card into the payment terminal and to do a standard Chip & PIN transaction. This should allow the transaction to proceed provided the customer has sufficient funds in their account.
Apple Pay transactions are unaffected and will work normally. However, in the rare example of a customer receiving this message after trying to pay with a wearable device such as a Fitbit, they would need to pay with a physical card. As mentioned above, we don’t know how many of your transactions will be affected in this way as it depends on how quickly your customers’ cards are updated by their issuing banks. We recommend that you explain the solution to all staff that take payments from the public and be ready to deal with this situation as it arises.
A quick and helpful overview of how to operate your terminal can be found here:
Questions & Answers
Cardholders should be prompted to input their PIN after every five contactless transactions or if they have made 150 euro of contactless transactions since they last inputted their PIN.
No. We expect issuers to rollout new cards (with the counting feature) as existing cards expire. This may take some months or years to replace every card in the market.
The payment terminal should prompt the cardholder to input their PIN. However, in the early stages there is a risk that the transaction is simply rejected instead with a “transaction rejected, use another reader or card” message.
Just ask the cardholder to insert their card in the payment terminal and do a standard chip & PIN transaction. This will work provided the customer has funds in their account.
We don’t know. It depends on the speed at which issuers update their cards.
Yes, these transactions are already authenticated by the user’s biometric data so don’t count towards the new contactless limits.
There may be an issue with some wearable payment devices (eg Fitbits). If one of these devices generates a “transaction rejected, use another reader or card” message, the shopper cannot make a Chip and Pin transaction and will need to use a physical card instead.
All parties are moving as quickly as they can towards a complete solution and we will communicate any relevant changes as soon as they are ready for implementation.