PSD2 Service Directive - Cards

The implementation of the European Directive on Payment Services (PSD2) changes the way you make purchases with your card

The revised Payment Services Directive (PSD2, Directive 2015/2366/EU), which was incorporated into Greek law by Law 4537/2018, aims, inter alia, to make payments within the European Economic Area (EEA)* easier and more secure. According to this directive, as of 14th September 2019, e-commerce, as well as contactless PIN-less transactions that require the use of a card are modernized.

* European Economic Area (EEA) : EU Member States and Iceland, Liechtenstein and Norway

How do contactless transactions change

All contactless transactions up to the amount of €25 each and up to the cumulative amount of €150 do not require entering a PIN at a POS terminal, when using debit, credit or prepaid cards.

Each time a transaction using PIN authentication is carried out, the €150 limit will be reset to zero.

Consequently, unlimited successive contactless purchases will not be allowed without entering a PIN.


What is Strong Customer Authentication?

Strong Customer Authentication is a verification payment process that authenticates the cardholder by applying at least two factors that fall under the following 3 categories.

Something that the user:

  • Knows exclusively (e.g. password or PIN)
  • Possesses (e.g. authentication code generator device)
  • Is (e.g. use of fingerprint)

Consequently, entering the card details only (card number, expiration date, three-digit Card Verification Value number) will not suffice.

How will online purchases using a card (e-commerce) be carried out?

Strong Customer Authentication at the time of purchase will be applied using:

  • push notification at winbank mobile app or
  • winbank web banking credentials and extraPIN code

According to the above information, you can make purchases in online stores, within the European Economic Area, using Piraeus Bank cards (debit, credit, prepaid cards) provided you have winbank credentials and you have declared your mobile phone number to the Bank for receiving the extraPIN.

In case that:

  • you do not have winbank credentials, here you will find instructions for online
  • you have winbank access but you do not remember your credentials or you have blocked your password, you will find here instructions to regain your access.
  • you have winbank access but your credentials have been deactivated, you can proceed to their immediate reactivation by calling Piraeus Βank call center at 210 3288000 (24/7, from landline or mobile, according to the pricing policy of your phone provider).
  • you have winbank access but you do not have a registered mobile number to receive the extraPIN code, you can proceed to its immediate declaration through the winbank web banking service. Find here the process and follow the detailed instructions.

Alternatively, for all the above cases, you can visit a Piraeus Βank branch.

FAQs - Contactless transactions

1. What are contactless transactions?

Contactless transactions are a quick and secure method to make your purchases using special technology cards that bear the relevant symbol . Contactless transactions allow customers to make purchases simply by holding their card close to the contactless POS terminal. Currently, if the amount is under €25, you are not required to enter your PIN. However, if the amount is over €25, you will be asked to enter your PIN. For more information click here.


2. How do contactless card transactions change as of 14.09.2019 onwards?

There will be a limit on PIN-less contactless transactions up to the cumulative amount of €150. When the limit is reached, customers will be required to enter their PIN to the POS terminal, even if the transaction is under €25. Each time a transaction using PIN authentication is carried out, the €150 limit will be reset to zero. For example: If you have carried out PIN-less contactless transactions amounting to a total value of €150 and then make a purchase of €22, you will be required to enter your PIN on the POS device. You will then be able to continue your PIN-less contactless transactions up to the amount of €150.


3. Does the limit of €25 still apply? Up to what amount can I make a PIN-less contactless transaction?

The limit of €25 for each contacless transaction still applies. For transactions that do not exceed the amount of €25, you are not required to enter your PIN. You will be required to enter it as soon as the total amount of PIN-less contactless transactions exceeds the cumulative amount of €150.


4. Why is there a €150 limit on the total amount of PIN-less transactions carried out by card? I do not wish to enter my PIN in any purchases under €25.

This limit (€150) has been set under the revised European Payment Services Directive (PSD2) and there can be no exception. The Directive aims to make payments more secure, more effective and easier. Under this directive, payment services in Europe are being modernized to the benefit of both consumers and businesses. If you carry out regular card transactions where you enter your PIN, such as cash withdrawals or balance checks on ATMs, or if you make purchases over €25, then you may not be required to enter your PIN for transactions under the amount of €25.


5. Does the €150 limit on PIN-less contactless transactions apply to card transactions both within and outside the European Union?

This applies to successive card transactions only in countries within the European Economic Area (EEA)*.


6. If the €150 limit has been reached in PIN-less contactless transactions, and I carry out a contactless transaction outside the EU, what will happen?

Your contactless transaction using a card outside the EEA will be carried out exactly as before, without being affected by this directive. The cumulative limit of €150 does not apply to transactions outside the European Union.


7. Is the €150 limit of contactless card transactions reset to zero each time a transaction is carried out in which the PIN is entered?

Yes, any transaction in which the PIN is entered in countries within the EEA, at a retailer or ATM, resets the limit to zero.


8. Does the cumulative limit of €150 on contactless card transactions have a time limit?

There is no time limit. Whenever a card transaction that requires PIN is carried out, the balance is reset to zero. E.g. if you have made contactless transactions without entering a PIN, up to a total of €60 in a period of 2 months, then make a purchase whereby you enter your PIN, the limit is reset to zero and the amount starts building up again.


9. I have an add-on card in my credit card. Will I have a single limit with my primary card for the amount of PIN-less transactions?

No, each card has its own limit.


10. I have an add-on corporate debit card. Will I have a single limit with my other colleagues' add-on corporate cards for the amount of PIN-less transactions?

No, each card has its own limit.


11. I have a debit, credit and prepaid card. Is there a single limit for all my cards?

No, each card has its own limit.



*European Economic Area (EEA): EU Member States and Iceland, Liechtenstein and Norway

FAQs - e-Commerce transactions

1. How are online transactions using cards (e-commerce) carried out and how is Strong Customer Authentication applied?

Strong Customer Authentication (SCA) is a payment process that applies to card transactions in online stores in countries within the European Economic Area (EEA)*. At the time of payment, after entering the card details, you will be asked to authenticate yourself via a Piraeus Bank designated platform by using:

  • push notification at winbank mobile app or
  • winbank web banking credentials and extraPIN code


2. What should I have with me in order to make an internet purchase?

  • If the winbank web banking service is used, you are required to have winbank web banking credentials, your card details and the mobile phone number you have declared to the Bank.
  • If the winbank mobile app is used, you are required to carry your card details and the mobile phone number you have declared to the Bank.


3. I have excluded my debit card from winbank. Will I have trouble to make an internet purchase?

In order to be able to make an internet purchase with strong identification, you must cancel any restrictions you have given (View Only or Excluded) to your card (debit or credit or prepaid), by selecting "Full Access" in the winbank "Product Settings" menu.



4. How can I get winbank access?

If you do not have winbank access, here you can you can find instructions to register online easily and quickly. To complete your registration you will need to:

  • Have your 16-digit debit card number and your mobile phone number you have declared to the Bank
  • Remember your debit card PIN. If you do not have a debit card, please visit a Piraeus Bank branch.

Alternatively, you may sign up in winbank through any Piraeus Bank branch, with a fee according to Piraeus Bank pricelist.



5. Does the Strong Customer Authentication (SCA) process apply to all Piraeus Bank cards?

The Strong Customer Authentication process applies to all Piraeus Bank credit, debit, reloadable prepaid cards, owned either by individuals or businesses.



6. Does the Strong Customer Authentication (SCA) process apply to online card transactions in countries outside the European Economic Area (EEA)?

No, it applies to card transactions in online stores located in countries within the EEA.



7. Can I make online purchases using my card (e-commerce) without Strong Customer Authentication?

For online transactions up to €30, Piraeus Bank will not require Strong Customer Authentication when these do not exceed the cumulative amount of €100, for your own convenience. Once this amount is exceeded, Strong Customer Authentication applies. Each time a transaction that requires Strong Customer Authentication is carried out, the limit of €100 is reset to zero.



8. Does the cumulative limit of €100 for card transactions in online stores that does not require Strong Customer Authentication apply to non-EEA countries as well?

No, it applies exclusively to card transactions in online stores located in countries within the EEA.



9. Is there a limit on the number of online transactions under €30 using a card where Strong Customer Authentication does not apply?

No, there is no limit as to the number of transactions. However, there is a cumulative limit up to the amount of €100.



10. Is the €100 limit on card transactions in online stores reset to zero when the card is used in a physical store transaction as well?

No, the €100 limit only applies to card transactions of amounts up to €30, which are carried out in online stores and is reset to zero each time a transaction is carried out in an online store that requires Strong Customer Authentication (e-commerce).



11. How do I know my balance for purchases that do not require Strong Customer Authentication?

Once the limit is reached, you will be prompted to authenticate yourself on your next transaction.



12. I have an add-on card in my credit card. Does the €100 limit apply per credit card (primary or add-on card)?

Yes, the cumulative limit of €100 for e-commerce transactions applies per card (primary or add-on card). That is, all four (4) cards have a limit of €100, each.



13. I have an add-on corporate debit card. Will I have a single limit with my other colleagues' add-on corporate cards for the amount of PIN-less transactions?

No, each card has its own limit.



14. I have a debit, credit and prepaid card. Will I have a single limit for all my cards?

No, each card has its own limit.



15. I have an add-on credit card. Will I enter my own winbank credentials?

Yes, you will enter your own winbank credentials and the mobile phone number you have registered when you signed up for this service.



16. How safe is it to register my winbank credentials on an online store where I intend to make a purchase using my card?

winbank credentials are NOT registered in online stores. The credentials are registered on a Piraeus Bank designated webpage. Piraeus Bank applies state-of-the-art systems and recognized security protocols to ensure your secure access to winbank services that safeguard your online transactions based on strict specifications.



17. I use winbank service with limited access. Can I use these winbank credentials in the Strong Customer Authentication process when I make online purchases?

Yes, you can. However, a prerequisite for receiving an extraPIN code by push notification or SMS is to declare your mobile phone number at winbank web banking service.



18.I have issued a virtual business prepaid card through winbank business web banking service. Since I do not have my own winbank, will I enter my winbank business credentials when Strong Customer Authentication is required in purchases by card?

Yes, you will enter your business winbank credentials.



19. I have additional corporate debit as well as additional corporate credit card. Am I going to enter winbank business credentials?

No, you will enter your personal winbank credentials and use the mobile number that has been registered when you signed up.



20. I signed up for winbank, can I now make an Internet purchase?

At least one login to winbank should be made first.



*European Economic Area (EEA): EU Member States and Iceland, Liechtenstein and Norway