Strong Customer Authentication: Using Chip and PIN more often when making contactless payments


1 Like

My understanding from reading this thread or the previous SCA one is that the above isn’t the case. A properly configured terminal should be able to request the user enter their card and PIN (with appropriate messaging) after the tap as part of the same transaction. However, I think some terminals have not been properly updated with this smoother and more sensible flow. @erincandescent might be able to shed some light, but I’m pretty sure that a decline and new transaction is not the only option, or even the preferred one.

1 Like

I’ve written a longer answer to this elsewhere (maybe someone else can dig it up). But in short the regulations primary aim is to reduce fraud across the entire financial industry.

Ultimately customers end up paying for fraud, even if not directly. Bank fraud losses are paid for in fees and lower interest rates.

While the idea of a “I’m a responsible human who knows what they’re doing” checkbox sounds nice. The reality is people people would tick that box, and still demand that they’re repaid when they get defrauded. Most people don’t have enough knowledge to provide truly informed consent, and it would just become a mechanism for banks to shirk their responsibilities.


It is relevant, but it wasn’t that post that’s in my (failing) memory. Someone from Monzo specifically said that an in app reminder (along the lines of ‘you’ve £70 to go before your next Chip and PIN) was being considered. Unless I’m imagining it :man_shrugging:

1 Like

This thread has amazed me and made me realise how many people still actually use the physical card! I literally only use the physical card at an ATM. 95% of places I visit will accept Apple Pay and allow me to go over the standard £30 contactless auth so it’s a no brainer. :sunglasses:


The expected behaviour of terminals - and what has been my (fortunate, I guess) experience is:

  • You tap your card
  • “Authorizing” happens as normal
  • We respond saying “User is over their limit, please perform strong authentication”
  • The terminal prompts something along the lines of “Please insert your card PIN required”
  • You insert your card, enter your PIN, and it authorizes as normal

All of this purely at the terminal/pin-pad - no interaction with the POS system should be required at all

Unfortunately a number of terminals or POS systems appear to be misconfigured and treat the “Please perform strong authentication” response as a hard decline. Even more unfortunately a small number of them seem to get “stuck” until you abort the transaction and retry

When it does work properly (as has been my experience at e.g. Tesco’s card only self service terminals) the experience is pretty fluid (except that a bunch of places have programmed their terminals with somewhat jargony phrases like “Please insert card SCA REQUIRED”)


Seems a good implementation? Does it follow the rules?


My understanding was this wouldn’t comply with SCA? :man_shrugging:t3: As it has to be initiated by the payment.

I may be wrong through.

1 Like

Yeah it’s been discussed before and explained

1 Like

Yeah it doesn’t follow the rules but I like the fuck you attitude to SCA. :fu:

Seems like a sensible way to reset the limit, almost makes it pointless having the limit in the first place…

I think Monzo is too :angel: to have the balls to do this. Especially with going above and beyond when it’s not always best to do that (cough £100 v £135 limit)


I’ve just seen Revolut’s implementation. Seems to be the better one so far.

When you’re approaching your limit (or whenever if you’re that way inclined) - in the app you can reset the limits by authenticating and start from £0. This seems a much better implementation.

1 Like

It does, but it also seems to not exactly fully in line with the Q&As associated with the new laws. So far so Revolut!

Hope, as said above, that :monzo: will keep a watch on others and see if they are over-interpreting the law (in practice rather than in words based on wider application)

1 Like

Did notice this yesterday which is maybe related to your point:


This is only currently set as an experiment in the app, but certainly would be useful.

1 Like

I wonder if it’s just a notification to warn you rather than being able to reset the limit.

They said above that resetting in the app doesn’t comply with SCA, unless now the FCA has released some new guidance, but if they haven’t they should pressure the FCA to clarify what is ok.


I’ll have to use my card a few more times and see if I get a notification as I approach the £100 :sparkles:

In the meantime, it’s possible to see the amount from your limits screen :sunglasses:


just use mobile payments



Thanks!!! Just spent 5 minutes trying to locate this in the new NAV…

After receiving an in-app message saying I would need to use PIN on contactless transaction to keep my card safe (or words to that effect) yesterday, I was anticipating the next contactless transaction failing, but I’ve performed 4 transactions today totalling £16 .01 and checking I still have £6.98 remaining… So I guess it’s a £25 warning!? :neutral_face:

I got this notification for using my pin next time, did so but it declined first time but went through on second attempt.

Yes shame about the same Samsung lack of balls