Strong Customer Authentication: Using Chip and PIN more often when making contactless payments

It does feel like pushing the consumer down the ‘phone’ pays rather then contactless.

Do Monzo get the same platform fee for contactless as they would Google/Apple pay?

1 Like

I believe Google pay take a cut of what monzo would get, I’ll see if I can find the post.

Edit, The WSJ says that they don’t but apple to, but that article is 4 years old

I believe there’s a distinction between ‘full’ Apple Pay purchases (unlimited amounts) and contactless payments which you can also do on your phone. It depends on the merchant/terminal whether they support ‘full’ Apple Pay.

Maybe someone from Monzo can confirm if both these types are always allowed or not.

I believe they are because the underlying reason is that issuing the contactless payment from your phone is a form of authentication in itself.

Just had an email from Starling about their implementation. Interesting that their total is £135, as opposed to £100 for Monzo.

2 Likes

The limit in legislation is 150 EUR :slightly_smiling_face:

Monzo have a £100 limit because our cards also support a small amount of offline usage, and this is to prevent you from going over the limit while offline (which we would be unable to see until the next day). We felt it was a much better trade-off to continue to support this case, and make sure you can’t exceed your contactless limit at the same time.

Keep in mind that mobile wallets (Apple and Google Pay) are authenticated already, so they don’t need to use this entire mechanism either

3 Likes

Are their limits defined in other currencies or is it whatever 150 euro is worth at the time?

Starling has the same offline etc as Monzo but pushing it by £135.

If you actually did £134 on the Starling ATM it wouldn’t trigger the check but it’s technically breaking the 150 euro. As mentioned in the other thread with the Brexit malarkey 150 euro probably will be worth much less than £135, at least for a short period.

It’s euro - been mentioned in the other thread as they were talking about what happens when the pound drops after brexit.

Exchange rates are actually fixed, for the purposes of this legislation.

2 Likes

I beleive they said that, at least in the beta version, yes you can reset this in-app by entering your PIN.

No matter how the merchant interprets it, Apple Pay is (from an SCA perspective, and from ours) always strongly authenticated. You’ll never be asked to insert your card when using it (Except if you exceed £30 at an old incorrectly configured terminal)

Similar applies to Google Pay, though Google Pay does support unauthenticated purchases. In those cases, you won’t be prompted to do anything by the terminal but instead the Google Pay app on your phone will prompt you to authenticated

6 Likes

Does anyone know how devices like Pingit devices etc will work with SCA?

1 Like

That’s actually a good question which didn’t occur to me :rofl::skull:

I had an active card check at 2am from “Blackbaud Sca Charity”, I donate to a couple of charity but not sure which one is doing this. I guessed “Sca” stands for strong customer authentication.
Did anyone have something similar?

This they say :point_down:

.
.
After plenty of googling, it looks like this is their out for now

So they have 18 months before they get in trouble, but doesn’t non compliance break the Visa/MasterCard terms.

They only won’t get in trouble if

The FCA will not take enforcement action against firms if they do not meet the relevant requirements for SCA from 14 September 2019 in areas covered by the agreed plan, where there is evidence that they have taken the necessary steps to comply with the plan.

Pingits flow will have to be Auth in app, (unless they can implement online pin, is that a possibility?) But they’ll lose their USP if you have to take your phone with you.

2 Likes

Thanks for that :+1:

1 Like

The FCA phased implementation plan broadly only applies to e-commerce and remote transactions. There is no delay to the contactless payment implementation.

1 Like

Oh,

I wonder what they are playing at then.

@amelia @erincandescent Don’t know if @simonb mentioned the Q if Monzo will be upping their £100 limit to match the £135 offered by other banks. He pointed to offline payments being the reason Monzo decided to allow wiggle room but that doesn’t make sense as the 150 euro doesn’t need to take offline into consideration which is why Starling who have the same offline ability went with £135 being a close conversion.

I mentioned that by trying to account for this £35 you’re cutting an already low amount even further which means more likely only three successful contactless before the 4th busts. £30+£30+£30+£10+

1 Like

We will be implementing a £100 online, £30 offline unauthenticated contactless limit in line with the legal requirement to not authorise more than £135 total between instances of strong customer authentication. There is no special exemption in the law from SCA for offline authorised transactions.

We expect most people (who do the majority of their payments by card, and not by using a mobile wallet) to have to enter their PIN at a terminal no more than once in the average week.

6 Likes