SCA (Strong Customer Authentication) changes & contactless

I believe this is why :grinning:

And yes - I believe that would be the case if you made 3 x £30 and then the 4th attempt was £10 or more.

1 Like

Pretty much all cards support offline usage though like Starling. And the offline usage is already excluded from that 150 euro so there isn’t any concern in breaking any rules.

Seems by trying to account for this offline amount Monzo is unnecessarily reducing the threshold.

Just seems weird if every bank adopts £135 and Monzo is left at £100?

1 Like

Unfortunately I’m personally not close enough to it to provide any further context! But I shall invoke the wisdom of @amelia and hopefully she’ll be able to add any additional thoughts on that tomorrow.


:+1: thanks

(I actually use Google Pay for 99% of my transactions, but I am intrigued and if it will be changed on what other banks do)

The only winners out of this are Google and Apple. Did they pay some people off to put this through? They must be laughing at how much commission they’ll now rake in after people get fed up of three/four taps and gamble of the next having to chip/pin and realise that phones are excluded from this nonsense.

Completely agree with you.
But I think Phone Pay is excluded because on the phone you’re already authenticated (biometrically, supposedly) and thus satisfy 2 out of the 3 SCA requirements…?

Thank you very much for the link. It’s indeed Article 11 © which mandates the 5 transactions limit… :\

1 Like

I suspect it’s another case where the UK does things slightly differently to the rest of the EU, so a reasonable rule has unintended consequences here. In all the EU countries I’ve visited they do “contactless+PIN”, so being forced to enter the PIN every so often doesn’t really cause inconvenience. We don’t have that option here, so the unintended consequence is us having to use chip+PIN.

Another example was years ago when they changed the motorcycle test to require performing a manoeuvre at 50kph. All reasonable, until you work out it’s 31.25mph so couldn’t be performed on the road here (too dangerous on a road with a 40mph limit). This resulted in part of the test having to be done off-road.

That does raise another Q, can our UK payment terminals already do contactless and then just pin if required without the need to start a new transaction?

If not, I wonder how easy to upgrade to support it, if it’s just software or needs a new terminal hardware. Or supporting a new method of communication. I assuming it’s too much hassle, rather than they have thought we might want to get the UK to do this otherwise it’ll have more impact.

I wish they’d actually bothered doing some testing to see if this actually does anything to fraud stats for the inconvenience it carries and actually see how it would impact various countries as you say.

I wish they had just implemented a rule stating that all banks must provide payment transaction notifications and must allow easy freezing of the card. Or have it that the fifth transaction on a rolling 24hrs (or per day for simplicity) would even be better. Or better fraud detection using location based.

The rollout of this has been like GDPR, spend years and give banks/merchants/customers plenty of time to understand and adapt and then it comes to a week before and everyone oh shit are we we meant to do something, who’s our data controller, was that meant to be you Fred? What’s the rules again? Quick just send an email saying can we still email you, that’s basically it isn’t it :ok_man: :no_good_man: :man_facepalming:

I think answer for me is Apple Pay or use card with chip and pin.


I’ve closed this thread as many of the questions have been answered already within the official thread. Please feel free to carry on the discussion there: Strong Customer Authentication: Using Chip and PIN more often when making contactless payments