You’ve probably noticed that security is kind of a big deal to us at Starling. From biometric login to 3D Secure and in-app card locking, we do everything we can to make sure that your money stays safe under our watch.
So as of the 12th September, we’re introducing a new measure to make contactless payments even more secure. It goes by the lofty name of Strong Customer Authentication (SCA) – but really, it just means that you’ll have to enter your PIN a little more regularly than before. It’s come into play because of a new regulation called the Payment Services Directive II, a European law that’s being ushered in at all UK banks to improve the security of payments and prevent fraud (and yes, it’ll definitely still be in force after Brexit!).
The long and short of SCA is that it makes sure that when someone’s using contactless on your card – that someone is definitely you.
So what will I have to do?
Not all that much, actually. We’ll just be asking for your PIN a little more regularly when you pay with contactless. After your contactless payments reach a total value of £135 your card will now decline and you’ll be asked to enter your card in the machine and enter your PIN. It doesn’t mean there’s anything wrong with your card or account – rather it’s just another way for us to keep your money as safe and secure as possible.
You’ll continue to be asked to enter your PIN for single card transactions of more than £30 – but you probably knew that already.
What’s so ’strong’ about it, then?
All the ’strong’ in ’Strong Customer Authentication’ means is that the person using the card – you, hopefully – has passed at least two of three ’proof points’ confirming they’re the owner of the account. Those three points are Knowledge (knowing your Password or PIN), Possession (having your card or phone on you) and Inherence (being able to prove you’re you through fingerprint or facial recognition). When you use your bank card and know its PIN, you’ve passed at least two of those tests – which makes your customer authentication nice and strong. That’s it!
A word on merchants
It’s worth bearing in mind that these are new regulations for the UK, so some merchants will still be finding their feet. Some might ask you to use a different card when your contactless declines, but all you’ll need to do is use your Starling Chip & PIN instead.
Speaking of merchants – there are a few exceptions to bear in mind. Some unattended payment terminals – such as parking meters and Transport for London machines – won’t ask you for your PIN when you reach £135. The same goes for Digital Wallets such as Apple Pay and Google Pay, so if you haven’t started using yours yet, now’s the time.
Can’t remember your PIN? Just go to the Card section in your app to get a reminder – and if you’ve got more questions generally, just head on over to our help centre.
This blog was updated in October 2019 to reflect the fact that customers are no longer required to enter their PIN after five contactless transactions, but only when the total value of consecutive contactless transactions reaches £135