The payments industry is constantly evolving, introducing new ways to make spending more convenient whilst also improving security and reducing fraud. Contactless is certainly a case in point for convenience; so much so that it has enabled card transactions to overtake cash spending for the first time!
Until recently, cash had the advantage of being quick and easy to use. With the introduction of contactless payments, cards can now be accepted almost anywhere a quick and easy payment is needed: places that would traditionally take only cash, such as fast food outlets and pubs/bars, and even places where you wouldn’t use cash, such as on buses or the underground.
The ease of use, however, has meant forgoing some of the security measures that could slow down a transaction and restrict throughput, like entering a PIN. Because of this reduced verification of the card’s owner, contactless transactions were limited to a £30 cap.
This cap has the ‘comfort factor’ in that if a contactless card were lost or stolen, the abuser could only inflict limited damage until the loss was reported. But what if it wasn’t reported or noticed for some time? The unauthorised spending could continue almost indefinitely or until the funds ran out. Something needed to be done and there needed to be a safety valve…
Introducing SCA
To resolve this potential for abuse, the payments industry introduced a new safety measure under the Payment Services Directive (PSD2) that requires users to periodically authenticate themselves and confirm that they are still in possession of their payment device. This will prevent endless, unchecked spending should a payment device end up in the wrong hands. The authentication process is designed to be as unobtrusive as possible, whilst also adding the required level of security. This Strong Customer Authentication (SCA) is possible due to modern technology and the high-speed communications that are now available.
Although the McLEAR Ring is more secure than the traditional contactless card and far less likely to get lost or stolen, the governance applicable to payment cards also applies to the McLEAR Ring. These rules will be applied via the McLEAR Mobile App.
What are the requirements?
In a nutshell, the PSD2 regulation states that authentication is required every 5 transactions or when £300 has been spent, whichever happens first.
Our solution
We’ve worked hard on this issue and have implemented a solution that is now live across our platforms.
When using the McLEAR Smart Ring, users can spend up to £200 before having to authenticate within the mobile app using the app passcode or some form of biometrics, such as fingerprint or facial recognition (whichever you have set up in the app). A notification will also be sent as a user approaches £200 to serve as a reminder that authentication will soon be needed. Following successful authentication, we will assume that the user still has the ring in their control and the cumulative spend counter is reset.
We feel our implementation of the new rules offers the simplest user experience that still retains maximum flexibility, whilst remaining compliant with the directive.
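The counter logic described above can be sketched as follows. This is an added example, not McLEAR's code: the names are hypothetical, the reminder figure and the inclusive treatment of limits are assumptions, and it is also an assumption that the five-transaction count is enforced alongside the £200 threshold.

```python
from dataclasses import dataclass

# Amounts are integer pence so threshold comparisons never hit float rounding.
PER_TAP_LIMIT = 100_00     # UK contactless limit per transaction (from the article)
REG_MAX_TAPS = 5           # regulatory bound: taps since the last authentication
REG_MAX_SPEND = 300_00     # regulatory bound: cumulative spend
ISSUER_MAX_SPEND = 200_00  # stricter threshold the article describes for the ring
REMINDER_AT = 160_00       # ASSUMPTION: the article gives no reminder figure


@dataclass
class ScaCounter:
    taps: int = 0
    spent: int = 0

    def authorise(self, amount: int) -> str:
        """Decide one contactless tap; counters only advance on approval."""
        if amount <= 0:
            raise ValueError("amount must be positive pence")
        if amount > PER_TAP_LIMIT:
            return "DECLINE_TAP_LIMIT"
        # ASSUMPTION: limits are inclusive, and the tap that would cross a
        # limit is the one held back until the user authenticates in the app.
        cap = min(ISSUER_MAX_SPEND, REG_MAX_SPEND)
        if self.taps + 1 > REG_MAX_TAPS or self.spent + amount > cap:
            return "SCA_REQUIRED"
        self.taps += 1
        self.spent += amount
        return "APPROVE_REMIND" if self.spent >= REMINDER_AT else "APPROVE"

    def authenticated(self) -> None:
        """A successful passcode or biometric check resets both counters."""
        self.taps = 0
        self.spent = 0


def replay(amounts, auth_after=()):
    """Run constructed taps; auth_after holds tap indexes followed by app auth."""
    counter, decisions = ScaCounter(), []
    for i, amount in enumerate(amounts):
        decisions.append(counter.authorise(amount))
        if i in auth_after:
            counter.authenticated()
    return decisions


if __name__ == "__main__":
    # Constructed sample: small taps reach the count limit before the spend limit.
    print(replay([3_50, 4_20, 2_80, 5_00, 3_10, 2_00]))
    # Constructed sample: large taps reach the spend threshold first, then auth.
    print(replay([90_00, 80_00, 45_00, 45_00], auth_after={2}))
```

Because a refused tap never advances the counters, the state after authentication is independent of how many taps were refused while authentication was pending.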
SCA was mandated across Europe from 14th September 2019. It is anticipated that these safety measures will make contactless spending more secure whilst not detracting from the ease of use.
We’re always open to user feedback and often add ideas from our customers to our feature roadmap, so if you would like to give us your insights into the new changes – or if you have some amazing ideas, drop us an email – we’d love to hear from you!
Update – 20th October 2021
On 15th October 2021, the contactless limit in the UK rose to £100 per transaction. Alongside this, the Strong Customer Authentication thresholds were also raised. We have edited this article to reflect these new thresholds/limits.