Strong Customer Authentication: Using Chip and PIN more often when making contactless payments

New rules for all banks, including Monzo, mean you’ll need to use Chip and PIN more often when paying with your card.

1 Like

That link 404’s for me…

The link above (https://monzo.com/blog/2019/09/11/strong-customer-authentication-using-chip-and-pin-more-often-when-making/) is different to the blog link which does work (https://monzo.com/blog/2019/09/11/strong-customer-authentication-using-chip-and-pin)

1 Like

Sorry! This should be working now.

1 Like

This is actually a nice feature to have anyway :blush: especially for extra security

1 Like

If you use your PIN to confirm transactions within the Monzo app does this also reset the SCA limitation? Or do I actually have to use my card + PIN in a terminal to reset the limitation?

I’m slightly worried because I regularly go to the shops without my wallet because I can just use my phone to pay. It would be a nightmare if I was randomly unable to complete my purchase when I don’t have my wallet with me. It almost defeats the purpose of having contactless on my phone.

1 Like

If you use Apple/Google Pay, this doesn’t apply to you.

6 Likes

Clearly not Monzo’s fault, but this feels like such a step backwards for the convenience of contactless. :frowning:

14 Likes

It does feel like pushing the consumer down the ‘phone’ pays rather then contactless.

Do Monzo get the same platform fee for contactless as they would Google/Apple pay?

1 Like

I believe Google pay take a cut of what monzo would get, I’ll see if I can find the post.

Edit, The WSJ says that they don’t but apple to, but that article is 4 years old

I believe there’s a distinction between ‘full’ Apple Pay purchases (unlimited amounts) and contactless payments which you can also do on your phone. It depends on the merchant/terminal whether they support ‘full’ Apple Pay.

Maybe someone from Monzo can confirm if both these types are always allowed or not.

I believe they are because the underlying reason is that issuing the contactless payment from your phone is a form of authentication in itself.

Just had an email from Starling about their implementation. Interesting that their total is £135, as opposed to £100 for Monzo.

2 Likes

The limit in legislation is 150 EUR :slightly_smiling_face:

Monzo have a £100 limit because our cards also support a small amount of offline usage, and this is to prevent you from going over the limit while offline (which we would be unable to see until the next day). We felt it was a much better trade-off to continue to support this case, and make sure you can’t exceed your contactless limit at the same time.

Keep in mind that mobile wallets (Apple and Google Pay) are authenticated already, so they don’t need to use this entire mechanism either

3 Likes

Are their limits defined in other currencies or is it whatever 150 euro is worth at the time?

Starling has the same offline etc as Monzo but pushing it by £135.

If you actually did £134 on the Starling ATM it wouldn’t trigger the check but it’s technically breaking the 150 euro. As mentioned in the other thread with the Brexit malarkey 150 euro probably will be worth much less than £135, at least for a short period.

It’s euro - been mentioned in the other thread as they were talking about what happens when the pound drops after brexit.

Exchange rates are actually fixed, for the purposes of this legislation.

2 Likes

I beleive they said that, at least in the beta version, yes you can reset this in-app by entering your PIN.

No matter how the merchant interprets it, Apple Pay is (from an SCA perspective, and from ours) always strongly authenticated. You’ll never be asked to insert your card when using it (Except if you exceed £30 at an old incorrectly configured terminal)

Similar applies to Google Pay, though Google Pay does support unauthenticated purchases. In those cases, you won’t be prompted to do anything by the terminal but instead the Google Pay app on your phone will prompt you to authenticated

4 Likes

Does anyone know how devices like Pingit devices etc will work with SCA?

That’s actually a good question which didn’t occur to me :rofl::skull: