Strong Customer Authentication: Using Chip and PIN more often when making contactless payments

You presumably got this screen:

We’re sending push notifications out when you make your first contactless payment after being enrolled (to ensure people are aware of the SCA changes - alas other avenues of contact tend to get ignored). They don’t mean you’re going to have to insert your card on your next payment.

In retrospect, we should have possibly excluded sending these when you’re making a transit payment.

8 Likes

That’s a great point. Also not an expert but the spec clearly says “or”.

All banks, including Monzo, seem to implement this as “and” though…? Why inconvenience the customer more than needed - or do we all misunderstand?

We have not implemented an and. We have only implemented the monetary limit.

6 Likes

When can you actually spend over £30 with contactless, is it just via a contactless mobile payment? If so, what is the limit and does it work on all readers?

I can never be bothered with the faff of having to try again, so always just put my card in over £30, but never use it otherwise - just use Google Pay.

In the UK the max is £30, and then chip and pin is needed.

The rest of the world varies: a lot of countries have no limit, but higher than a specific amount you need a PIN as well after tapping.

Unfortunately the UK doesn’t support contactless and pin, so you need to stick your card in too.

Contactless mobile technically isn’t meant to have a limit, but some terminals are configured incorrectly and impose a £30 limit on them too, although that’s slowly being fixed.

Thanks! That must have been it, as it’s the first time I’ve used the card since everyone was enrolled in SCA, and I also haven’t viewed the notice in app (since I’d read about it here :grin:). I didn’t tap on the alert at the time, but assume it would have taken me to that screen. I was only worried as I thought it was because I’d hit the limit – didn’t have a chance to properly read the alert as I was getting on the bus.

In the end I walked home (nothing to do with the card), so never got to see what would have happened, but assume it would all work fine. Thanks @erincandescent for answering on a weekend – above and beyond. :smile:

1 Like

Shame we aren’t using Visa

It’s not clear this is a compliant approach. There is an EBA Q&A that very strongly suggests that you can’t do this. They make it clear that the SCA needs to be tied to a payment initiation, and generally prove the customer is still in possession of the card.

Of course we’ll keep an eye on these sorts of implementations to make sure we aren’t over-interpreting the law. But right now our focus is on producing the most user-friendly and compliant implementation.

I would assume that other banks’ £135 limits do include an allocation for offline transactions, they’re just not telling you.

For us it doesn’t feel right telling people they have a £135 limit, when it’s practically impossible for them to actually hit that limit.

8 Likes

What is offline spend anyway?

It’s when there is no immediate communication made with the servers at Monzo (or another bank) to clear the transaction.

Mainly this is on trains and planes, but it seems to be used for some hotels and hire cars as well.

2 Likes

If I recall correctly, terminals which aren’t able to connect to their payment networks have the option to store the payment offline, and process it when a connection is regained?

Irrelevant but interesting:

There was a thing in America (and presumably here too), where criminals would unplug/tinfoil on satellite dishes at petrol stations, and then use an empty pre-paid card. The card readers would use the satellite dish as a connection method. The card would authorize, but when the connection was regained, there was nothing to take.

For Android what about an “authenticate using PIN or fingerprint to reset” in the app and then require the user to tap their card to their phone like when activating a new card on Android?

3 Likes

@thomas @erincandescent @anon68157246

Just had a question on the offline limit of £30

Is that something that’s already baked into the card?

How does the card know when to stop at/below £30 before rejecting the next payment? Does it tally up the payments?

Then that leads to how does it deal with non-GBP amounts in offline mode? It doesn’t have conversion to GBP?

So is £30 just guessing at about this amount reserved, in which case why bother. Contactless limits are much higher around the world.

Yes.

It has internal counters that tally up the payments it’s authorised.

Good question, @erincandescent should have a good answer for this. But I would guess it either relies on the terminal to provide a conversion value, or it simply won’t authorise offline non-GBP payments via contactless.

Without offline limits there would be places where our cards simply wouldn’t work (such as some bus networks). Additionally the cards can also request to be inserted, in which case they have a separate set of offline contact limits.

1 Like

Thanks for the answers.

Yeah, it would be interesting to know, when presented with “do you want to pay in GBP or local currency”, if the GBP would work offline and the local fail offline.

I’m intrigued in what Starling come back with on Monday.

So their card only ticks up to 50 transactions per 24hrs, or so I’m told. They don’t have an offline limit baked in, as far as the chat ops I’ve spoken to know. I’ve asked them for an official statement, as you could make 50 offline payments of £30; if there is in fact no limit baked in, they would need to reissue cards.

They are also meant to be holding a meeting about how Article 11 has been implemented.

I’ve mentioned already that basically Monzo interpreted it as a and (b or c) and Starling as (a and b and c), and implemented both a cash limit and the five transaction limit. :man_facepalming:

It’ll also be interesting to see if Monzo is left the weak link by trying to allocate £30 towards potential offline, and all the other banks just do a straight £135. :thinking:

Unattended payment terminals are already excluded, so we are really only talking offline where you are being asked to pay by a person, which has got to be rare, unless in a place like a plane which would process the transactions on landing. I don’t know if they now do live payments on planes with recent tech or if it’s not worth the instability to communicate with banks.

I think a lot of people will not be bothered by this.

I do our weekly shop at ASDA so have to pay by chip and PIN as they still do not use the full Apple / Google Pay system (can pay with Google - Apple device just not over £30).

So my point is every week I use chip and PIN; the rest of the week I use my phone or card contactless, so I very much doubt I will ever reach the new SCA limit as my card counter will reset every week.

They may be excluded by the law. But our cards don’t know that. Many bus networks in the UK will perform offline payments when you tap the reader. Without an offline limit, you simply wouldn’t be able to buy a bus ticket.

Additionally the payment terminal on a bus isn’t unattended (the bus driver is there, and the terminals don’t seem to declare themselves as unattended), so it can’t be treated as an excluded payment. There are some weird edge cases for this (TfL is one). But don’t assume that because the law allows us to do something, that it’s technically possible.

3 Likes

So this should follow that every single debit card out there that allows offline payment must have a limit baked into the card chip, and I assume has a rolling 24hr period to reset? I assume with a card scanner you can see this info, or is it only known by the bank?

So cards like Starling’s and other banks’ will have an offline limit even if they have set that to £10,000 to make it possible to do offline?

Or simply have no counter embedded, so can’t enforce any restrictions on how much is taken offline?

So when other banks also do £135 and simply ignore offline as too much hassle to monitor, are Monzo going to stick to their guns in that they think they are doing the right thing, or review it?

I assume at some regular intervals the 150 euro to GBP will have to be updated, like if in a few months 150 euro is 120 pounds then your system of allocating £30 offline will need cutting down, or the £100, or hopefully the reverse where our pound becomes much stronger. :crossed_fingers:

Yes, and the limit will be far less than £10,000 and doesn’t reset after a time period. If a bank’s card authorises a payment offline, the bank is liable for it.

Setting high limits or automatic resets just turns a card into a licence to print money, if you have an offline terminal (which the bank then needs to pay when you send over the cryptographic signatures the cards produce). No bank wants to take on that risk.

Other banks won’t be ignoring offline limits. Technical difficulties are not an excuse to flout the law. They must apply SCA after every £135 worth of contactless-only usage; it’s up to banks to figure out how to do that. But it doesn’t mean those banks are going to explain the technical minutiae to their customers, most people just don’t care.

11 Likes
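The two readings of Article 11 discussed in this thread (a and (b or c) versus a and b and c) and the counter reset after chip and PIN, as an added example that is not code from Monzo, Starling or any poster. The £30 per tap, £135 cumulative, £30 offline reserve leaving £100 online, and five-transaction figures come from the posts above; how an issuer actually tallies them is an assumption of this model.

```python
from dataclasses import dataclass

# Figures as quoted in the thread: UK £30 contactless cap, £135 as the sterling cumulative
# limit, of which £30 is reserved for the card's own offline counter (leaving £100 to be
# tallied online), and five consecutive contactless transactions. The split is assumed.
PER_TXN_LIMIT_GBP = 30.00
ONLINE_CUMULATIVE_LIMIT_GBP = 100.00
MAX_CONSECUTIVE = 5

@dataclass
class Counters:
    """Issuer-side tallies for one card since its last successful SCA (chip and PIN)."""
    cumulative_gbp: float = 0.0
    consecutive: int = 0

    def reset_after_sca(self) -> None:
        self.cumulative_gbp = 0.0
        self.consecutive = 0

def exempt(counters: Counters, amount_gbp: float, interpretation: str) -> bool:
    """Article 11 conditions: (a) single amount, (b) cumulative amount, (c) consecutive count."""
    a = amount_gbp <= PER_TXN_LIMIT_GBP
    b = counters.cumulative_gbp + amount_gbp <= ONLINE_CUMULATIVE_LIMIT_GBP
    c = counters.consecutive + 1 <= MAX_CONSECUTIVE
    if interpretation == "a and (b or c)":   # reading attributed to Monzo in the thread
        return a and (b or c)
    if interpretation == "a and b and c":    # reading attributed to Starling in the thread
        return a and b and c
    raise ValueError(f"unknown interpretation: {interpretation}")

def run_sequence(amounts_gbp, interpretation: str) -> list:
    """Decide each tap in turn; a required SCA step resets the tallies, as chip and PIN would."""
    counters = Counters()
    decisions = []
    for amount in amounts_gbp:
        if exempt(counters, amount, interpretation):
            counters.cumulative_gbp += amount
            counters.consecutive += 1
            decisions.append("approve")
        else:
            decisions.append("sca_required")
            counters.reset_after_sca()   # assumes the customer then inserts the card and enters the PIN
    return decisions

if __name__ == "__main__":
    taps = [25.00, 25.00, 25.00, 25.00, 25.00, 10.00]   # constructed sample sequence of taps
    for reading in ("a and (b or c)", "a and b and c"):
        print(reading, run_sequence(taps, reading))
```

Under the first reading the fifth £25 tap still goes through because only five taps have been made, and the sixth forces chip and PIN; under the second the fifth tap already trips the cumulative limit.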