From tomorrow, you may be asked for your PIN even when you pay contactless: Here’s why
PSD2, EU legislation that introduces a series of new rules for banks, comes in place on 14 September. We take a look at what it means for you.
Boring banking stuff and new legislation with an awfully technical name. Let’s be frank, you don’t want to read this article and we don’t especially want to write it.
But, wait, wait, don’t click the red button with the X just yet. You really need to know a couple of these things. We promise we’ll make it quick.
For everyone: The basic stuff
PSD2 enforces what is normally referred to as “Strong Customer Authentication”, which is all about preventing fraud and making sure that you’re actually the person using your bank card.
Different banks may approach the new rules differently, but here are two main things that could happen:
- You may have to enter your PIN even if you’re paying contactless. PSD2 establishes that after five contactless payments in a row, or after your contactless payments reach a total of €150 (around £135), you should be asked to enter your PIN.
- An extra security check may be added when you pay online. When you pay more than €100 (around £90) online, your card number and CVV (the three-figure number on the back of your card) won’t be enough to authorise the payment anymore. You may need, for example, to also enter a unique verification code sent to your phone.
Keep in mind that while this is what the law says, some banks may be doing this already, while others may be in touch to let you know what they’re changing. Keep an eye on your email.
- What you should do. Make sure that your contact information, particularly your phone number, is up-to-date, so that your bank can text you as many verification codes as it likes. Memorise your PIN if you can, or always take it with you if you can’t (don’t keep it in the same place where you keep your card. But you already knew that, right?).
- What’s in it for you. It can be annoying, yes. But it’s much safer. If your card gets stolen, for example, your losses will be limited, because it will be impossible to spend more than £135 without the PIN.
For banking junkies: The Open Banking stuff
With PSD2, the nine largest UK banks are compelled to have an API through which third-party providers can easily read your banking data (if you authorise them, obviously). This is relevant for you if you use one of those third-party providers, such as budgeting apps that allow you to look at all your accounts and transactions in the same place (e.g. Yolt or Money Dashboard).
If you do, it’s all about which accounts you have on the app. Some of them may already be connected through an API (in which case you don’t need to do anything). Others you may have been able to access by entering your credentials, but can now be switched to an API. For others, the API option may not be available yet.
- What you should do. Have a look at what your budgeting app says – you may have to update the way it connects to your bank account. With Money Dashboard, for example, you can head to the “account” section of the app and click on each of your accounts. If one of them gives you the option to “switch to Open Banking”, click on it and follow the instructions.
- What’s in it for you. Connecting your budgeting app to your accounts via API should be much faster and more reliable. Yay.