What is the Revolut approach for payment authentication according to the new PSD2-SCA rules

13 septembrie 2019

From 14th September, new regulations come into effect across the European Economic Area (EEA), limiting the number of contactless card payments you can make before needing to verify the payment.

In short, you’ll be able to make up to €150 (or other currency equivalent) of contactless payments before you’re asked to either pay with Chip & PIN, or log into the app to verify the payment.

These new regulations are legally enforced in the EEA, and will apply to all regulated payments institutions. They’re being introduced to reduce the possible damage if your card is ever stolen or otherwise compromised. After all, if someone were to steal your card, it’s unlikely that they would also know your PIN.

„That said, we fully understand that anything which might interrupt your experience is a hassle. That’s why we intend to make it as simple as possible to authenticate your payments, while simultaneously keeping your account safe.”, according to the Revolut.

Here’s what will happen when you approach the contactless limit:
. Revolut will send a notification to your phone, letting you know that you’re approaching the contactless payments limit (if you’re a business customer, you’ll get an email)

. At this point, you can either make your next payment via Chip & PIN, or tap on the notification and reset your limit from the Revolut app (you will need to enter your PIN, or using fingerprint/face ID)

. You’ll then be able to make a further €150 (or other currency equivalent) of contactless payments until the next required ‘limit reset’

If you reach the limit without resetting, we’ll have to decline that payment, but we’ll send you another notification asking you to reset the contactless limit.

What’s included/not included

There are a couple of exceptions to these new rules. These include:

Apple Pay/Google Pay — These won’t count towards your contactless payment limit, so try and use this on contactless terminals instead of the card. Also consider topping up via Apple/Google Pay where you can

Unattended terminals — These include parking and travel ticket terminals, and won’t count towards your contactless payment limit

Authenticating with Magstripe

The magnetic stripe or Magstripe, is the horizontal strip that runs along the back of your card. Payments using Magstripe will only work if the merchant has their terminal set up for ‘Magstripe + PIN’. If they have it set up for ‘Magstripe + signature’, you’ll need to insert your card and enter your PIN (or use Google/Apple Pay).

Strong Customer Authentication

All of these changes relate to something known in the industry as SCA, or Strong Customer Authentication. SCA is built around the idea that strong authentication (i.e. making sure that it’s you) is based on providing elements from at least two of the following three categories:

  1. Something you know — e.g. your PIN
  2. Something you have — e.g. your card
  3. Something you are — e.g. your fingerprint/face ID

Chip & PIN satisfies this on its own because it features something you have (the card) and something you know (the PIN). Contactless does not, because it only features elements from one of the categories (something you have). This is why contactless payments need this extra check every now and then.

Adauga comentariu

Cifra/Declaratia zilei

Nic Marius Balaceanu – Founder & CEO Lendrise

„For more than a week now, ScoreRise enrolls daily hundreds of users through an innovative facial recognition interface. Enrollment takes less than a minute and it does not require presence of a human operator or video recording. And, of course, it stays fully GDPR compliant with help from Reff & Associates and Deloitte Romania.”

Romania este ultima tara membra UE care nu a transpus in legislatia romaneasca Directiva europeana revizuita a serviciilor de plata (PSD2). Cand credeti ca se va intampla totusi acest lucru?
48 votes · 48 answers