What does it mean to be “PINwise” and why should I encourage my
customers to use a PIN?
Being “PINwise” means using a PIN to confirm a customer’s identity when they use their credit, charge or debit card to conduct a transaction at a point of sale in Australia. Using a PIN helps protect against fraud due to lost or stolen cards. This is because the chance of someone correctly guessing a PIN, which can be from four to six digits long, is very small.
Why is a PIN safer than signing?
When using their credit, charge or debit card at the point-of-sale terminal, the customer enters a PIN to authorise their transaction, rather than signing. The PIN transaction is encrypted and sent in real-time to the customer’s card issuer to be authorised. PIN usage can help protect against fraud due to lost or stolen cards, because the fraudster would need to have both the card and the PIN; this is why you should tell your customers not to share/tell their PIN with any other person, including you or your staff.
Who is behind the “PINwise” initiative?
The Industry Security Initiative (ISI) comprises representatives of all Australian financial institutions that issue Visa, MasterCard, American Express and Diners Club cards plus representatives of Visa, MasterCard, American Express and Diners Club International. The initiative members represent the payments card industry and their role is to ensure that there is a consistent experience for consumers when using their credit or debit card to pay for purchases in Australia, regardless of the financial institution that issues the card.
Do all transactions in Australia need a PIN?
No, not all transactions at point of sale will need a PIN, most notably contactless transactions (Visa payWave,
MasterCard PayPass or American Express Contactless) under $100 do not need to be authorised by a PIN, and do not
require a signature today.
Other exemptions are:
- Certain small ticket payments that do not require signature or PIN under $35
- Transactions from most unattended terminals e.g. parking meters, kiosks and vending machines
- International transactions (transactions conducted by cardholders with cards issued by banks outside Australia)
- Magnetic stripe transactions (generally on payment cards that do not have a chip, for example some pre-paid
cards and gift cards)
- Signature only cards. These cards may be issued by certain financial institutions to accommodate special needs
of individual cardholders and are subject to specific criteria
In each case, the payment terminal that is reading the card will prompt for a PIN if it is required/accepted.
I would like to promote to my customers to encourage them to use
PIN, how can I get involved?
Many merchants today at the point of card transaction often ask their customers “PIN or sign”. If you wish to promote your customers to use PIN, for speed, convenience or security reasons, then you could simply re-train your staff to ask “Would you like to PIN that?” (or similar) at the point of the card transaction.
Furthermore the bank / financial institution that currently deals with your card transactions may have materials that they can provide to assist in promoting PIN usage. Please contact them to find out.
The Industry Security Initiative would also encourage you to promote the usage of PIN by you, your family and your staff, as nothing promotes a change in behaviour better than seeing other people change their behaviour to become “PINwise”.
What kind of point-of-sale transactions will require a customer to
use a PIN?
From August 1st 2014 a PIN will be required at all point-of-sale terminals in Australia
for purchases of goods and services, as well as cash-out transactions, if the customer’s card supports them. The
only exceptions to this will be when conducting a contactless transaction under $100 or a small ticket purchase
(under $35) or a transaction from most unattended terminals. Until August 1st signature remains a
valid form of cardholder verification for Australian issued cards and should be accepted if the customer insists
on using this method.
To find out if a card has cash-out functionality, please contact the bank/card issuer directly. Also not all
merchants support cash-out at point-of-sale. Please ensure that you tell your customer whether or not you support
cash-out at your terminal.
Can customers still use the contactless option?
Yes. In Australia, where that facility is enabled, a customer can still use their MasterCard™ PayPass, Visa payWave or American Express Contactless enabled credit, charge or debit card on a contactless enabled terminal or touchpad to initiate the payment side of the transaction. When contactless is used, for any transaction under the value of $100 there is no need for the customer to PIN or sign. For transactions of $100 or greater the customer will at this point in time be asked to PIN or sign, but we recommend that you encourage them to use their PIN.
To check whether the point-of-sale terminal supports contactless transactions, ask your bank or acquiring
institution, or simply look at the terminal’s screen prompt for instructions. The following symbol indicates that
the card and the payment terminal or card reader can conduct a contactless transaction.
What happens if a customer still tries to sign for a purchase in
From August 1st 2014 if the terminal has requested a
PIN (likely to see “ENTER PIN” on the screen) then it will not allow the transaction to continue unless the
customer’s PIN is entered. Therefore it is important that you tell your customers to have and use a PIN as soon as
possible in order to avoid any issues with processing their payments in the future.
As mentioned above, there will be infrequent cases where the customer will need to sign for the transaction rather
than enter the PIN (e.g. cards from overseas). In these cases, the terminal will indicate
that the customer should sign the receipt.
What happens if a customer forgets their PIN?
If a customer types in the wrong PIN three times into the point-of-sale terminal, their card may become locked. You should tell the customer to contact their bank or financial institution to obtain instructions on how to unlock their card. In some cases the customer will be asked to go to their bank’s branch or ATM to unlock the card. You should offer to allow the customer to complete the purchase using a different payment method, either a different card, cash, or cheque (if applicable).
Please note that, until August 1st signature remains a valid form of cardholder verification for Australian issued cards and should be accepted if the customer uses this method.
What if a customer is not prompted to enter a PIN?
Where the point-of-sale terminal does not prompt your customer to enter a PIN, they will be asked to follow the current card payment process, normally using their signature to confirm the transaction. Note that contactless transactions under $100 and some low value transactions under $35 will not require a PIN or a signature.
If I run a café/bar/restaurant, how do I get one of the new
“pay-at-table” terminals for my establishment?
For customers in cafes, bars and restaurants, a “pay-at-table” terminal may be the easiest way for them to enter a PIN to verify their transaction. If you would like to know more about these types of terminals, how they would fit into your business and how to get them installed, please contact the bank / financial institution that currently deals with your card transactions; they should be able to provide you with all of the information that you need.
How can a customer add a tip/gratuity in a restaurant?
Most new “pay-at-table” terminals at restaurants should display the amount that the customer is paying and ask if they wish to add a tip/gratuity (often providing the option of adding a percentage or a dollar figure that they can choose). The customer should simply follow the display prompts. If they add a tip/gratuity amount, the total amount of the transaction will then be displayed, and they will be prompted to enter their PIN. By doing so they are accepting the total amount of the transaction.
Are there special considerations for retail petrol merchants?
Petrol merchants present a special situation in that the typical sales process involves the customer paying for
the petrol after they have already filled their tanks. In the event that the customer cannot successfully enter
their PIN to complete the transaction, they will need to be able to pay using a different payment method. This
might include a different payment card, cash, or cheque (if applicable).
Furthermore, in these
circumstances, please recommend that the customer contact their bank /card issuer in order to gain an operational
PIN for that card.
After 1 August 2014
Why can my customers still sign?
As the software in Australia’s point-of-sale (POS) terminals is upgraded, there may still be situations where customers are offered the option to sign or PIN. Merchants and customers should follow the prompts on the terminal to determine the appropriate authentication method. However, where possible PIN should be promoted as the primary authorisation method, as the number of places where signature is accepted will quickly reduce over the next couple of months .
However, merchants should remember that holders of most cards from overseas and a small number of “signature-preferred” cards issued in Australia are still permitted to sign rather than PIN.
What if I my customer doesn’t have a chip card?
After 1 August, Australian issued magnetic-stripe (mag-stripe) cards without an embedded-chip will still be able to use signature for authorisation; most of these cards will be replaced with chip-enabled cards by their issuer within the next few months.
Does this impact ‘Tap & Go’ / contactless?
The operation of Visa payWave, MasterCard PayPass, and contactless payments from other providers, including American Express, for transactions up to $100 will not change in light of the move to PIN.
What if my customer cannot use a PIN?
Australians with a genuine need to sign can apply for signature-preferred cards; each applicant for such a card will be assessed on a case-by-case basis by their bank or card issuer. People cannot opt to have a signature-preferred card simply because they prefer to sign. The move to PIN only technology is a compulsory security update to Australia’s payment system. You should suggest that your customer contact their bank or financial institution to discuss the options available to them.
What about non-Australian issued cards?
Visitors from overseas will not be impacted by the changes, so they will use signature or PIN to authorize transactions as they did before. Hence signature will still be a valid form of payment authorisation for most visitors from overseas. Again, you should be guided by the prompts on the terminal to determine the form of authentication appropriate for overseas cardholders.
Is it unsafe for customers to sign for purchases when they go
Australian issued credit, charge or debit cards may or may not support PIN when used overseas, depending on the destination. If the equipment at the overseas merchant does not allow the customer to use a PIN, they should still feel safe that they are protected by signature verification.
How does a customer get a PIN for their card? How do they change
their PIN? How do they find out if they already have a PIN on their card?
The customers bank / card issuer will provide them the PIN for their credit, charge or debit card. If they have forgotten their PIN, the card issuer can provide them with another PIN upon request. PIN’s may be issued over the internet, by phone or via mail (usually in a separate envelope to the actual card). Some card issuers allow their customers to customise and select their own PIN during the card activation process over the phone.
It will be important that customers remember the PIN for each of their credit, charge and debit cards. If a customer does not remember what PIN they have, it is best for them to contact their bank/card issuer directly.
Different card issuers have different processes for changing a PIN. It is best for the customer to contact their bank/card issuer directly, or visit their website, to find out how to change their PIN or request a new one.
In what cases would cardholders not have to use a PIN?
A PIN is not required for mail or telephone order transactions, or transactions conducted on the Internet.
PIN is only applicable when a customer is physically present at the point-of-sale during the purchase or withdrawing cash at an ATM. There are some circumstances at the physical point-of-sale when PIN is not required (and neither is signature), most notably contactless payments under $100, low value payments (under $35) at some merchants and most transactions from unattended terminals e.g. vending machines and parking meters.
What happens if a customer exceeds their PIN tries at an ATM or
If a customer types in the wrong PIN three times into the point-of-sale terminal, their card may become locked so that fraudsters cannot keep trying to guess the PIN. You should tell the customer to contact their bank or financial institution to obtain instructions on how to unlock their card. In some cases the customer will be asked to go to their bank’s branch or ATM to unlock the card.
You should offer to allow the customer to complete the purchase using a different payment method, either a different card, cash, or cheque (if applicable).
Do all credit, charge and debit cards still need to be signed on the reverse?
Yes. This is still necessary, as the signature will continue to be used for verification in certain situations, such as travelling abroad to a country where PIN is not used, or where a terminal has not yet been upgraded to accept PIN.
Indeed, for the time being, signature remains a valid form of cardholder verification for Australian issued cards and should be accepted if the customer insists on using this method.
What does a “chip card” look like?
Australian issued credit, charge or debit cards will most likely already have a "smart" chip. The chip itself is embedded in the card, but the top of the gold/silver contact plate can be seen from the front of the card, on the left hand side. There will be occasions when you may not be able to process a PIN transaction and the customer will be required to sign instead. Cards will therefore retain their magnetic stripe and signature strip on the back.
PINwise and Accessibility
What if a customer has an impairment which makes it impossible to use a PIN?
While it is recommended that cardholders always use their PIN if given the option, it is understood that some cardholders may have a genuine requirement to be able to continue to sign due to mental or physical impairments, even once the PIN mandate is in force from 1st August. For these select cardholders a number of card issuers will be providing an option for the cardholder to request a replacement card which will allow them to continue to sign if they have difficulty using a PIN. You should contact your own financial institution or issuer if you require further information on this topic.
How does PIN affect those who are blind or partially sighted?
The vast majority of PIN pads on point-of-sale terminals have a tactile feature that includes a raised dot on the
middle ‘5’ button. This layout will be familiar to most people with vision impairments, and should therefore be
easier to use. Also, the primary 'function' keys are colour coded for ease of visibility. Usually, the 'cancel'
button is red, the 'clear/cancel' button is yellow, and the 'Enter/OK' button is green.
Many PIN pads are designed to be picked up from their holders, to make it easier and more secure to enter a PIN.
There are also PIN pads which have been built into the shop counter, and in restaurants and bars the PIN pads are
likely to be (or will soon become) wireless so that your customer can pay whilst sitting at the table. Whatever
the case may be, your staff should always be able to help the customer through the process and answer any queries.
However you or your staff should never ask the customers to disclose their PIN, it must remain confidential/secret
to the customer at all times.
Research with blind/visually impaired cardholders in February 2013 showed that the vast majority of those
interviewed were happy to use a PIN, having tried it and found it easier and quicker than signing.
If a customer has trouble using their hands, how does PIN
Some people may have difficulty with entering PINs, particularly those with physical conditions such as arthritis
or cerebral palsy. If you have a customer with a disability and you think that they may have difficulty with PIN
due to impairment, please ask them to contact their bank/card issuer and they will discuss options with them.