PINwise logo

  • No PIN No Pay - from 1 August
  • From August 1st you'll need a PIN for most credit and debit card transactions
  • Are you ready for PIN to replace signature on credit and debit cards?

Australians need PIN at point-of-sale from 1st August 2014

The Industry Security Initiative, a collective of Australia’s major financial institutions and card schemes, confirms that PIN has become the main form of card payment authorisation in Australia from 1 August 2014.

The industry-wide move to expand PIN at point-of-sale (POS) and phase-out the signature as a form of verification on Australian credit and debit cards will take place over a short transition period which started from 1 August, as POS terminals migrate to new software.

However, cardholders will need to know their PIN by 1 August, as they could transact at an upgraded PIN only terminal at a retailer any time from that date.

The PINwise campaign is about strengthening payment security across Australia.

Starting with some of nation’s largest merchants, the move will gradually see all of Australia’s 800,000 merchant payment terminals undergo a software update to no longer accept signature as the main form of card authorisation. For most, these costs will be covered by the terminal’s provider.

There will be no change to contactless or online transactions and only in some circumstances such as when using a card issued from a bank overseas, will signature still be a valid form of verification.

Contact your provider for more information.

What is PINwise?

PINwise is an Initiative of the Australian payments card industry to encourage the use of PIN instead of signature.

PIN is quicker and safer. There is only a one in ten thousand chance of someone guessing a PIN. Encourage your customers to be PINwise.

To be ready for the change, contact your financial institution using the links below.

Download point of sale artwork

The Industry Security Initiative has made available a folder of artwork ready to print and use in store. This collateral aims to inform customers of the need to get ready for the switch to PIN, and to take action before August 1st. Please note: artwork sizes are customisable and printing costs are at the expense of the merchant.

Get Files

Merchant staff training guidelines

On 1 August 2014, Australian financial institutions will begin to phase out signature as a form of cardholder verification in favour of PIN.

Here are some simple guidelines that you can follow to ensure that the PIN requirement does not adversely impact you or your customers.

Need more info?

Contact your Financial Institution for more information

  • Westpac logo
  • NAB logo
  • Commonwealth Bank logo
  • ANZ logo
  • Bank of Melbourne logo
  • St. George logo
  • BankSA logo
  • BankWest logo
  • CitiBank logo
  • Tyro logo
  • American Express logo
  • Suncorp Bank logo
  • Bank of Queensland logo
  • Bendigo Bank logo

Choose your bank or financial institution above, or visit your financial institution’s website for more information.

Visit website

Being PINwise

What does it mean to be “PINwise” and why should I encourage my customers to use a PIN?

Being “PINwise” means using a PIN to confirm a customer’s identity when they use their credit, charge or debit card to conduct a transaction at a point of sale in Australia. Using a PIN helps protect against fraud due to lost or stolen cards. This is because the chance of someone correctly guessing a PIN, which can be from four to six digits long, is very small.

Why is a PIN safer than signing?

When using their credit, charge or debit card at the point-of-sale terminal, the customer enters a PIN to authorise their transaction, rather than signing. The PIN transaction is encrypted and sent in real-time to the customer’s card issuer to be authorised. PIN usage can help protect against fraud due to lost or stolen cards, because the fraudster would need to have both the card and the PIN; this is why you should tell your customers not to share/tell their PIN with any other person, including you or your staff.

Who is behind the “PINwise” initiative?

The Industry Security Initiative (ISI) comprises representatives of all Australian financial institutions that issue Visa, MasterCard, American Express and Diners Club cards plus representatives of Visa, MasterCard, American Express and Diners Club International. The initiative members represent the payments card industry and their role is to ensure that there is a consistent experience for consumers when using their credit or debit card to pay for purchases in Australia, regardless of the financial institution that issues the card.

Do all transactions in Australia need a PIN?

No, not all transactions at point of sale will need a PIN, most notably contactless transactions (Visa payWave, MasterCard PayPass or American Express Contactless) under $100 do not need to be authorised by a PIN, and do not require a signature today. Other exemptions are:

  • Certain small ticket payments that do not require signature or PIN under $35
  • Transactions from most unattended terminals e.g. parking meters, kiosks and vending machines
  • International transactions (transactions conducted by cardholders with cards issued by banks outside Australia)
  • Magnetic stripe transactions (generally on payment cards that do not have a chip, for example some pre-paid cards and gift cards)
  • Signature only cards. These cards may be issued by certain financial institutions to accommodate special needs of individual cardholders and are subject to specific criteria
In each case, the payment terminal that is reading the card will prompt for a PIN if it is required/accepted.

I would like to promote to my customers to encourage them to use PIN, how can I get involved?

Many merchants today at the point of card transaction often ask their customers “PIN or sign”. If you wish to promote your customers to use PIN, for speed, convenience or security reasons, then you could simply re-train your staff to ask “Would you like to PIN that?” (or similar) at the point of the card transaction.

Furthermore the bank / financial institution that currently deals with your card transactions may have materials that they can provide to assist in promoting PIN usage. Please contact them to find out.

The Industry Security Initiative would also encourage you to promote the usage of PIN by you, your family and your staff, as nothing promotes a change in behaviour better than seeing other people change their behaviour to become “PINwise”.

PIN Usage

What kind of point-of-sale transactions will require a customer to use a PIN?

From August 1st 2014 a PIN will be required at all point-of-sale terminals in Australia for purchases of goods and services, as well as cash-out transactions, if the customer’s card supports them. The only exceptions to this will be when conducting a contactless transaction under $100 or a small ticket purchase (under $35) or a transaction from most unattended terminals. Until August 1st signature remains a valid form of cardholder verification for Australian issued cards and should be accepted if the customer insists on using this method.

To find out if a card has cash-out functionality, please contact the bank/card issuer directly. Also not all merchants support cash-out at point-of-sale. Please ensure that you tell your customer whether or not you support cash-out at your terminal.

Can customers still use the contactless option?

Yes. In Australia, where that facility is enabled, a customer can still use their MasterCard™ PayPass, Visa payWave or American Express Contactless enabled credit, charge or debit card on a contactless enabled terminal or touchpad to initiate the payment side of the transaction. When contactless is used, for any transaction under the value of $100 there is no need for the customer to PIN or sign. For transactions of $100 or greater the customer will at this point in time be asked to PIN or sign, but we recommend that you encourage them to use their PIN.

To check whether the point-of-sale terminal supports contactless transactions, ask your bank or acquiring institution, or simply look at the terminal’s screen prompt for instructions. The following symbol Contactless symbol indicates that the card and the payment terminal or card reader can conduct a contactless transaction.

What happens if a customer still tries to sign for a purchase in Australia?

From August 1st 2014 if the terminal has requested a PIN (likely to see “ENTER PIN” on the screen) then it will not allow the transaction to continue unless the customer’s PIN is entered. Therefore it is important that you tell your customers to have and use a PIN as soon as possible in order to avoid any issues with processing their payments in the future.

As mentioned above, there will be infrequent cases where the customer will need to sign for the transaction rather than enter the PIN (e.g. cards from overseas). In these cases, the terminal will indicate that the customer should sign the receipt.

What happens if a customer forgets their PIN?

If a customer types in the wrong PIN three times into the point-of-sale terminal, their card may become locked. You should tell the customer to contact their bank or financial institution to obtain instructions on how to unlock their card. In some cases the customer will be asked to go to their bank’s branch or ATM to unlock the card. You should offer to allow the customer to complete the purchase using a different payment method, either a different card, cash, or cheque (if applicable).

Please note that, until August 1st signature remains a valid form of cardholder verification for Australian issued cards and should be accepted if the customer uses this method.

What if a customer is not prompted to enter a PIN?

Where the point-of-sale terminal does not prompt your customer to enter a PIN, they will be asked to follow the current card payment process, normally using their signature to confirm the transaction. Note that contactless transactions under $100 and some low value transactions under $35 will not require a PIN or a signature.

If a customer returns goods for a refund, will they need to enter their PIN to receive the money back?

Merchant processes for dealing with refunds may vary. In some cases, the customer may be asked to enter their PIN.

If a transaction has been pre-authorised - for example when checking into a hotel - will the customer need to enter their PIN?

No. PIN will only be required at point-of-sale terminals for purchases of goods and services in real time, as well as cash-out transactions if the card supports them. A hotel booking may have been pre-authorised and so isn’t being processed in real time.

If I run a café/bar/restaurant, how do I get one of the new “pay-at-table” terminals for my establishment?

For customers in cafes, bars and restaurants, a “pay-at-table” terminal may be the easiest way for them to enter a PIN to verify their transaction. If you would like to know more about these types of terminals, how they would fit into your business and how to get them installed, please contact the bank / financial institution that currently deals with your card transactions; they should be able to provide you with all of the information that you need.

How can a customer add a tip/gratuity in a restaurant?

Most new “pay-at-table” terminals at restaurants should display the amount that the customer is paying and ask if they wish to add a tip/gratuity (often providing the option of adding a percentage or a dollar figure that they can choose). The customer should simply follow the display prompts. If they add a tip/gratuity amount, the total amount of the transaction will then be displayed, and they will be prompted to enter their PIN. By doing so they are accepting the total amount of the transaction.

Are there special considerations for retail petrol merchants?

Petrol merchants present a special situation in that the typical sales process involves the customer paying for the petrol after they have already filled their tanks. In the event that the customer cannot successfully enter their PIN to complete the transaction, they will need to be able to pay using a different payment method. This might include a different payment card, cash, or cheque (if applicable).

Furthermore, in these circumstances, please recommend that the customer contact their bank /card issuer in order to gain an operational PIN for that card.

After 1 August 2014

Why can my customers still sign?

As the software in Australia’s point-of-sale (POS) terminals is upgraded, there may still be situations where customers are offered the option to sign or PIN. Merchants and customers should follow the prompts on the terminal to determine the appropriate authentication method. However, where possible PIN should be promoted as the primary authorisation method, as the number of places where signature is accepted will quickly reduce over the next couple of months .

However, merchants should remember that holders of most cards from overseas and a small number of “signature-preferred” cards issued in Australia are still permitted to sign rather than PIN.

What if I my customer doesn’t have a chip card?

After 1 August, Australian issued magnetic-stripe (mag-stripe) cards without an embedded-chip will still be able to use signature for authorisation; most of these cards will be replaced with chip-enabled cards by their issuer within the next few months.

Does this impact ‘Tap & Go’ / contactless?

The operation of Visa payWave, MasterCard PayPass, and contactless payments from other providers, including American Express, for transactions up to $100 will not change in light of the move to PIN.

What if my customer cannot use a PIN?

Australians with a genuine need to sign can apply for signature-preferred cards; each applicant for such a card will be assessed on a case-by-case basis by their bank or card issuer. People cannot opt to have a signature-preferred card simply because they prefer to sign. The move to PIN only technology is a compulsory security update to Australia’s payment system. You should suggest that your customer contact their bank or financial institution to discuss the options available to them.

What about non-Australian issued cards?

Visitors from overseas will not be impacted by the changes, so they will use signature or PIN to authorize transactions as they did before. Hence signature will still be a valid form of payment authorisation for most visitors from overseas. Again, you should be guided by the prompts on the terminal to determine the form of authentication appropriate for overseas cardholders.

Travelling PINwise

Is it unsafe for customers to sign for purchases when they go overseas?

Australian issued credit, charge or debit cards may or may not support PIN when used overseas, depending on the destination. If the equipment at the overseas merchant does not allow the customer to use a PIN, they should still feel safe that they are protected by signature verification.

What happens if a customer is visiting Australia as a tourist or on business and does not have a PIN card - will they be able to use their card in my shop?

You don't need to worry. Your customer’s card will still be accepted in Australian shops and by other businesses including hotels and restaurants. They will simply be asked to transact, just as before - including the use of signature for verification.

Customer Information

How does a customer get a PIN for their card? How do they change their PIN? How do they find out if they already have a PIN on their card?

The customers bank / card issuer will provide them the PIN for their credit, charge or debit card. If they have forgotten their PIN, the card issuer can provide them with another PIN upon request. PIN’s may be issued over the internet, by phone or via mail (usually in a separate envelope to the actual card). Some card issuers allow their customers to customise and select their own PIN during the card activation process over the phone.

It will be important that customers remember the PIN for each of their credit, charge and debit cards. If a customer does not remember what PIN they have, it is best for them to contact their bank/card issuer directly.

Different card issuers have different processes for changing a PIN. It is best for the customer to contact their bank/card issuer directly, or visit their website, to find out how to change their PIN or request a new one.

Is the PIN that a customer uses for making purchases the same as the PIN used for cash withdrawals at the ATM?

Yes. Each new card will have only one PIN that can be used for both cash withdrawals at ATMs and purchases at point-of-sale.

Will PINs be used to make card transactions through the Internet or over the telephone?

No. PIN is only applicable when a customer is physically present at the point-of-sale during the purchase or cash-out transaction. Remote transactions, ie. not “in person”, should not request a cardholder’s PIN, which should remain confidential and known only to themselves.

In what cases would cardholders not have to use a PIN?

A PIN is not required for mail or telephone order transactions, or transactions conducted on the Internet.

PIN is only applicable when a customer is physically present at the point-of-sale during the purchase or withdrawing cash at an ATM. There are some circumstances at the physical point-of-sale when PIN is not required (and neither is signature), most notably contactless payments under $100, low value payments (under $35) at some merchants and most transactions from unattended terminals e.g. vending machines and parking meters.

What happens if a customer exceeds their PIN tries at an ATM or payment terminal?

If a customer types in the wrong PIN three times into the point-of-sale terminal, their card may become locked so that fraudsters cannot keep trying to guess the PIN. You should tell the customer to contact their bank or financial institution to obtain instructions on how to unlock their card. In some cases the customer will be asked to go to their bank’s branch or ATM to unlock the card.

You should offer to allow the customer to complete the purchase using a different payment method, either a different card, cash, or cheque (if applicable).

Card Details

Do all credit, charge and debit cards still need to be signed on the reverse?

Yes. This is still necessary, as the signature will continue to be used for verification in certain situations, such as travelling abroad to a country where PIN is not used, or where a terminal has not yet been upgraded to accept PIN.

Indeed, for the time being, signature remains a valid form of cardholder verification for Australian issued cards and should be accepted if the customer insists on using this method.

What does a “chip card” look like?

Australian issued credit, charge or debit cards will most likely already have a "smart" chip. The chip itself is embedded in the card, but the top of the gold/silver contact plate can be seen from the front of the card, on the left hand side. There will be occasions when you may not be able to process a PIN transaction and the customer will be required to sign instead. Cards will therefore retain their magnetic stripe and signature strip on the back.

PINwise and Accessibility

What if a customer has an impairment which makes it impossible to use a PIN?

While it is recommended that cardholders always use their PIN if given the option, it is understood that some cardholders may have a genuine requirement to be able to continue to sign due to mental or physical impairments, even once the PIN mandate is in force from 1st August. For these select cardholders a number of card issuers will be providing an option for the cardholder to request a replacement card which will allow them to continue to sign if they have difficulty using a PIN. You should contact your own financial institution or issuer if you require further information on this topic.

How does PIN affect those who are blind or partially sighted?

The vast majority of PIN pads on point-of-sale terminals have a tactile feature that includes a raised dot on the middle ‘5’ button. This layout will be familiar to most people with vision impairments, and should therefore be easier to use. Also, the primary 'function' keys are colour coded for ease of visibility. Usually, the 'cancel' button is red, the 'clear/cancel' button is yellow, and the 'Enter/OK' button is green.

Many PIN pads are designed to be picked up from their holders, to make it easier and more secure to enter a PIN. There are also PIN pads which have been built into the shop counter, and in restaurants and bars the PIN pads are likely to be (or will soon become) wireless so that your customer can pay whilst sitting at the table. Whatever the case may be, your staff should always be able to help the customer through the process and answer any queries. However you or your staff should never ask the customers to disclose their PIN, it must remain confidential/secret to the customer at all times.

Research with blind/visually impaired cardholders in February 2013 showed that the vast majority of those interviewed were happy to use a PIN, having tried it and found it easier and quicker than signing.

If a customer has trouble using their hands, how does PIN affect them?

Some people may have difficulty with entering PINs, particularly those with physical conditions such as arthritis or cerebral palsy. If you have a customer with a disability and you think that they may have difficulty with PIN due to impairment, please ask them to contact their bank/card issuer and they will discuss options with them.

Can the customer ask me or my staff to enter their PIN for them?

No. For security reasons, the customer’s PIN must never be shared with anyone, even card issuer staff. If a customer is unable to use a PIN please ask them to contact their card issuer to discuss alternative options .

Top 5 FAQs