PSD2 Service Directive - Cards

The implementation of the European Directive on Payment Services (PSD2) changes the way you make purchases with your card

The revised Payment Services Directive (PSD2, Directive 2015/2366/EU), which was incorporated into Greek law by Law 4537/2018, aims, inter alia, to make payments within the European Economic Area (EEA)* easier and more secure. According to this directive, as of 14th September 2019, e-commerce, as well as contactless PIN-less transactions that require the use of a card are modernized.

* European Economic Area (EEA) : EU Member States and Iceland, Liechtenstein and Norway

How do contactless transactions change

As of 14th September 2019, all contactless transactions up to the amount of €25 each and up to the cumulative amount of €150 do not require entering a PIN at a POS terminal, when using debit, credit or prepaid cards.

Each time a transaction using PIN authentication is carried out, the €150 limit will be reset to zero.

Consequently, unlimited successive contactless purchases will not be allowed without entering a PIN.


How does online shopping (e-commerce) change when using a card

Specifically, changes relate to the Strong Customer Authentication (SCA) process. Online shopping with debit, credit or prepaid cards will be carried out under Strong Customer Authentication at the time of purchase*.

*As of September 14, 2019, strong customer authentication will not apply in some electronic transactions, due to the gradual adaptation of all stakeholders to the Strong Customer Authentication requirements.

What is Strong Customer Authentication?

Strong Customer Authentication is a verification payment process that authenticates the cardholder by applying at least two factors that fall under the following 3 categories.

Something that the user:

  • Knows exclusively (e.g. password or PIN)
  • Possesses (e.g. authentication code generator device)
  • Is (e.g. use of fingerprint)

Consequently, entering the card details only (card number, expiration date, three-digit Card Verification Value number) will not suffice.

How will online purchases using a card (e-commerce) be carried out?

Strong Customer Authentication at the time of purchase will be applied using:

  1. winbank web/mobile banking credentials (something the customer knows) and
  2. SMS extraPIN or push notification (something the customer has or is)

According to the above information, you can make purchases in online stores, within the European Economic Area, using Piraeus Bank cards (debit, credit, prepaid cards) provided you have winbank banking credentials and you have registered your mobile phone number with the Bank for receiving the extraPIN.

FAQs - Contactless transactions

1. What are contactless transactions?

Contactless transactions are a quick and secure method to make your purchases using special technology cards that bear the relevant symbol . Contactless transactions allow customers to make purchases simply by holding their card close to the contactless POS terminal. Currently, if the amount is under €25, you are not required to enter your PIN. However, if the amount is over €25, you will be asked to enter your PIN. For more information click here.


2. How do contactless card transactions change as of 14.09.2019 onwards?

There will be a limit on PIN-less contactless transactions up to the cumulative amount of €150. When the limit is reached, customers will be required to enter their PIN to the POS terminal, even if the transaction is under €25. Each time a transaction using PIN authentication is carried out, the €150 limit will be reset to zero. For example: If you have carried out PIN-less contactless transactions amounting to a total value of €150 and then make a purchase of €22, you will be required to enter your PIN on the POS device. You will then be able to continue your PIN-less contactless transactions up to the amount of €150.


3. Does the limit of €25 still apply? Up to what amount can I make a PIN-less contactless transaction?

The limit of €25 for each contacless transaction still applies. For transactions that do not exceed the amount of €25, you are not required to enter your PIN. You will be required to enter it as soon as the total amount of PIN-less contactless transactions exceeds the cumulative amount of €150.


4. Why is there a €150 limit on the total amount of PIN-less transactions carried out by card? I do not wish to enter my PIN in any purchases under €25.

This limit (€150) has been set under the revised European Payment Services Directive (PSD2) and there can be no exception. The Directive aims to make payments more secure, more effective and easier. Under this directive, payment services in Europe are being modernized to the benefit of both consumers and businesses. If you carry out regular card transactions where you enter your PIN, such as cash withdrawals or balance checks on ATMs, or if you make purchases over €25, then you may not be required to enter your PIN for transactions under the amount of €25.


5. Does the €150 limit on PIN-less contactless transactions apply to card transactions both within and outside the European Union?

This applies to successive card transactions only in countries within the European Economic Area (EEA)*.


6. If the €150 limit has been reached in PIN-less contactless transactions, and I carry out a contactless transaction outside the EU, what will happen?

Your contactless transaction using a card outside the EEA will be carried out exactly as before, without being affected by this directive. The cumulative limit of €150 does not apply to transactions outside the European Union.


7. Is the €150 limit of contactless card transactions reset to zero each time a transaction is carried out in which the PIN is entered?

Yes, any transaction in which the PIN is entered in countries within the EEA, at a retailer or ATM, resets the limit to zero.


8. Does the cumulative limit of €150 on contactless card transactions have a time limit?

There is no time limit. Whenever a card transaction that requires PIN is carried out, the balance is reset to zero. E.g. if you have made contactless transactions without entering a PIN, up to a total of €60 in a period of 2 months, then make a purchase whereby you enter your PIN, the limit is reset to zero and the amount starts building up again.


9. I have an add-on card in my credit card. Will I have a single limit with my primary card for the amount of PIN-less transactions?

No, each card has its own limit.


10. I have an add-on corporate debit card. Will I have a single limit with my other colleagues' add-on corporate cards for the amount of PIN-less transactions?

No, each card has its own limit.


11. I have a debit, credit and prepaid card. Is there a single limit for all my cards?

No, each card has its own limit.



*European Economic Area (EEA): EU Member States and Iceland, Liechtenstein and Norway

FAQs - e-Commerce transactions

1. How are online transactions using cards (e-commerce) carried out and how is Strong Customer Authentication applied?

Strong Customer Authentication (SCA) is a payment process that applies to card transactions in online stores in countries within the European Economic Area (EEA)*. At the time of payment, after entering the card details, you will be asked to authenticate** yourself via a Piraeus Bank designated platform by entering the following data: (a) your Piraeus Bank web banking (winbank web & mobile) credentials and (b) a unique code that will be sent to you by sms extraPIN or push notification message on the mobile phone you have registered with winbank web banking service.


2. How can I get winbank web banking codes?

If you do not have winbank codes, you can sign up for free here easily and quickly. To complete your registration you will need to:
• Have your 16-digit debit card number and your mobile phone at hand
• Remember your debit card PIN. If you do not have a debit card, please visit a Piraeus Bank branch. Alternatively, you can sign up for winbank web banking service at any Piraeus Bank branch.


3. Does the Strong Customer Authentication (SCA) process apply to all Piraeus Bank cards?

The Strong Customer Authentication process applies to all Piraeus Bank credit, debit, reloadable prepaid cards, owned either by individuals or businesses.


4. Does the Strong Customer Authentication (SCA) process apply to online card transactions in countries outside the European Economic Area (EEA)?

No, it applies to card transactions in online stores located in countries within the EEA.


5. Can I make online purchases using my card (e-commerce) without Strong Customer Authentication?

For online transactions up to €30, Piraeus Bank will not require Strong Customer Authentication when these do not exceed the cumulative amount of €100, for your own convenience. Once this amount is exceeded, Strong Customer Authentication applies. Each time a transaction that requires Strong Customer Authentication is carried out, the limit of €100 is reset to zero.


6. Does the cumulative limit of €100 for card transactions in online stores that does not require Strong Customer Authentication apply to non-EEA countries as well?

No, it applies exclusively to card transactions in online stores located in countries within the EEA.


7. Is there a limit on the number of online transactions under €30 using a card where Strong Customer Authentication does not apply?

No, there is no limit as to the number of transactions. However, there is a cumulative limit up to the amount of €100.


8. Is the €100 limit on card transactions in online stores reset to zero when the card is used in a physical store transaction as well?

No, the €100 limit only applies to card transactions of amounts up to €30, which are carried out in online stores and is reset to zero each time a transaction is carried out in an online store that requires Strong Customer Authentication (e-commerce).


9. Will there be any changes in the purchases I make using Masterpass service?

Masterpass transactions comply with the revised PSD2 Directive on Strong Customer Authentication.


10. How do I know my balance for purchases that do not require Strong Customer Authentication?

Once the limit is reached, you will be prompted to authenticate yourself on your next transaction.


11. I have an add-on card in my credit card. Does the €100 limit apply per credit card (primary or add-on card)?

Yes, the cumulative limit of €100 for e-commerce transactions applies per card (primary or add-on card). That is, all four (4) cards have a limit of €100, each.


12. I have an add-on corporate debit card. Will I have a single limit with my other colleagues' add-on corporate cards for the amount of PIN-less transactions?

No, each card has its own limit.


13. I have a debit, credit and prepaid card. Will I have a single limit for all my cards?

No, each card has its own limit.


14. I have an add-on credit card. Will I enter my own winbank credentials?

Yes, you will enter your own winbank codes and the mobile phone number you have registered when you signed up for this service.


15. How safe is it to register my winbank (web/mobile) web banking credentials on an online store where I intend to make a purchase using my card?

Winbank (web/mobile) web banking credentials are NOT registered in online stores. The codes are registered on a Piraeus Bank designated webpage. Piraeus Bank applies state-of-the-art systems and recognized security protocols to ensure your secure access to winbank services that safeguard your online transactions based on strict specifications.


16. I use winbank service with limited access. Can I use these winbank credentials in the Strong Customer Authentication process when I make online purchases?

Yes, you can. However, a prerequisite for receiving an sms extraPIN or push notification message is to have your mobile phone registered with winbank web banking service.


17. I have issued a virtual business prepaid card through winbank business service. Since I do not have my own winbank service, will I enter my winbank business credentials when Strong Customer Authentication is required in purchases by card?

Yes, you will enter your business winbank credentials.



*European Economic Area (EEA): EU Member States and Iceland, Liechtenstein and Norway

**As of September 14, 2019, strong customer authentication will not apply in some electronic transactions, due to the gradual adaptation of all stakeholders to the Strong Customer Authentication requirements.