Strong Customer Authentication: Using Chip and PIN more often when making contactless payments

I’ve always waited until the terminal screen says approved before walking off, even before SCA.

Not a dig, but cards get declined all the time for multiple reasons, it takes a second to wait for approved or declined to show.

5 Likes

The same thing happened to me with a faulty card. I tapped the terminal, took my goods, and left. Luckily, the retailer had my email address, so it was sorted in the end. So it’s not all SCA related, but SCA will make it more prevalent.

This never happened to me until SCA, so there you go.

I wonder how they arrived at “5 transactions” or “150 EUR” limits, I’d love to read research papers about that, unfortunately I couldn’t find anything. Also the reasoning behind forcing people to risk revealing their pin numbers in busy settings when paying for low risk low value transactions. Sounds like a paradise for shoulder surfers.

With Apple Pay you have to authenticate each transaction which is why it doesn’t count towards the contactless limit. Also Apple doesn’t retain any information on your purchases.

Yes, the legislation has been crafted this way so that transactions made with Google or Apple devices will not count towards the limit, as there was absolutely no other way to do it.
I read Apple’s privacy policy and I quote “And when you use Apple Pay with credit, debit, or prepaid cards, Apple doesn’t retain any transaction information that can be tied back to you—your transactions stay between you, the merchant or developer, and your bank or card issuer.” - if you look carefully at the wording - it only says they don’t keep the data in a way that could be traced back to e.g. me (but you need to take their word for it). It doesn’t say they don’t keep anonymised data where they can research people’s spending habits and profit off of this research and do other things.

Apart from chip and PIN, or contactless with a different card, or paying cash…?

1 Like

Chip and PIN is not exactly contactless? Different card would also have a limit (unless I could get a card from a country outside of the EU) and cash is also not contactless.

Little to none. The standards for Strong Customer Authentication were created before Apple Pay or Google Pay existed.

The European Central Bank issued their original recommendations at the beginning of 2013. Apple Pay was released near the end of 2014. Google Pay was released in 2015.

And having been involved in making Monzo compliant, I can tell you that mobile wallet providers were very underprepared for SCA.

10 Likes

I gather that SCA was only meant for regulating online payments. Only in late 2016 did they start to look into authenticating physical payments with mobile apps and entertaining the limits, as we see today, on contactless payments?

I don’t have an in-depth history of SCA so I can’t comment definitively. But to my knowledge SCA always covered physical payments including contactless. The basics of SCA were already an EU directive in 2015.

However I can believe that in 2016 there were discussions as to how mobile wallets might interact with SCA. But I seriously doubt they had any impact on contactless limits.

From my perspective, having spent months up to my eyeballs in SCA, I would say the contactless limits were picked based on what banks were already doing in 2013, as most contactless cards have always had a contactless limit of ~£100 or 5 transactions.

It’s only banks like Monzo that have always had unlimited contactless, due to implementing contactless in a different way to older banks (online vs offline, there’s an in-depth description of the two in the forums somewhere).

In short, SCA was written for banking in 2013. Mobile notifications weren’t a thing, neither were mobile wallets. It just happens that Apple Pay and Google Pay are very secure payment methods (equivalent to Chip & PIN). There’s nothing to prevent someone from developing a different SCA compliant payment method that’s contactless, just no one has.

5 Likes

I guess the NatWest biometric cards (or whatever they are) are moving in that direction?

I have never had contactless payment declined before SCA was introduced and I used other banks too.
I think what was contemplated was to reduce the limit for a single payment.
Contactless payments were a threat for mobile apps, because it was easier to tap a card rather than pull out and unlock a phone. They only had to change legislation to make contactless payments have a worse user experience than the app.
It seems like this whole thing is not about security, but having information on who is spending money where.
It is kind of an equivalent of having to show ID when paying with cash, but people don’t think about it this way.
Ok, I am taking off my conspiracy theory hat now.

I think you’re assuming a level of organisation in the payments industry that’s far greater than what I’ve seen or experienced.

9 Likes

Would be interested in seeing this analysis. I’ve entered twice in 3 days and it’s getting a bit annoying really.

2 Likes

I got a resolution to my complaint about this. Just as I thought - it’s not our fault that you and the seller were unable to see that payment hasn’t gone through and you have almost become a thief.
We are going down a slippery slope - institutions blindly following regulations to the letter without contesting them are just a recipe for disaster.

Given that it is no longer safe to use, I just stopped using contactless (should be renamed to pointless, really) except for TfL. And now that everyone can see you entering your PIN in crowded places, you should be changing it every few days or even after every transaction. Recalling what PIN you currently have can take some time as well. But hey! Payments are now more secure and the bank can be sure that the person buying morning coffee is indeed you! Millions of people spending an extra minute at checkouts is a price worth paying :wink:

Might you be indulging in a little bit of Reductio ad absurdum here? :wink:

2 Likes

Interestingly, I haven’t had this come up until today. On average, between all my contactless payments, I’ve normally paid for something over £30 and had to enter my PIN. I think that average would apply for most who use it as a primary account, based on common spending expectations.

But you can see the payment hasn’t gone through, surely?

If you’re tapping and walking off before the payment attempt has completed, then I don’t see how that can be Monzo’s fault in any way.

1 Like

That’s the thing - I didn’t, nor did the seller. Tapping and walking off is not something I do, also how would the seller give me the product without ensuring I paid first? The declined payment throughout the whole process only appeared on the printed receipt that we didn’t look at. Only when I returned to pay, the seller went through the pile of receipts and found one declined and he asked if that was mine. There is something seriously wrong with it.
The fault is in implementing regulation where there is no infrastructure to support it.

Ah, the seller is at fault, then. I hadn’t considered that possibility, apologies for that. The fact that they weren’t paying attention to the receipt coming out of the machine is entirely on them. I take CC payments at work on occasion and we’re always told to check the merchant receipt before finalising the transaction.

1 Like