PSD2 Service Directive - Cards

The implementation of the European Directive on Payment Services (PSD2) changes the way you make purchases with your card

The revised Payment Services Directive (PSD2, Directive 2015/2366/EU), which was incorporated into Greek law by Law 4537/2018, aims, inter alia, to make payments within the European Economic Area (EEA)* easier and more secure. According to this directive, as of 14th September 2019, e-commerce, as well as contactless PIN-less transactions that require the use of a card are modernized.

* European Economic Area (EEA) : EU Member States and Iceland, Liechtenstein and Norway

How do contactless transactions change

All contactless transactions up to the amount of €50 each and up to the cumulative amount of €150 do not require entering a PIN at a POS terminal, when using debit, credit or prepaid cards.

Each time a transaction using PIN authentication is carried out, the €150 limit will be reset to zero.

Consequently, unlimited successive contactless purchases will not be allowed without entering a PIN.


What is Strong Customer Authentication?

Strong Customer Authentication is a verification payment process that authenticates the cardholder by applying at least two factors that fall under the following 3 categories.

Something that the user:

  • Knows exclusively (e.g. password or PIN)
  • Possesses (e.g. authentication code generator device)
  • Is (e.g. use of fingerprint)

Consequently, entering the card details only (card number, expiration date, three-digit Card Verification Value number) will not suffice.

How will online purchases using a card (e-commerce) be carried out?

Strong Customer Authentication at the time of purchase will be applied using:

  • push notification at Piraeus app or
  • Piraeus e-banking credentials and extraPIN code

According to the above information, you can make purchases in online stores, within the European Economic Area, using Piraeus Bank cards (debit, credit, prepaid cards) provided you have Piraeus e-banking credentials and you have declared your mobile phone number to the Bank for receiving the extraPIN.

In case that:

  • you do not have Piraeus e-banking credentials, here you will find instructions for online
  • you have Piraeus e-banking access but you do not remember your credentials or you have blocked your password, you will find here instructions to regain your access.
  • you have Piraeus e-banking access but your credentials have been deactivated, you can proceed to their immediate reactivation by calling Piraeus Βank call center at 210 3288000 (24/7, from landline or mobile, according to the pricing policy of your phone provider).
  • you have Piraeus e-banking access but you do not have a registered mobile number to receive the extraPIN code, you can proceed to its immediate declaration through the Piraeus e-banking service. Find here the process and follow the detailed instructions.

Alternatively, for all the above cases, you can visit a Piraeus Βank branch.

FAQs - Contactless transactions

1. What are contactless transactions?

Contactless transactions are a quick and secure method to make your purchases using special technology cards that bear the relevant symbol . Contactless transactions allow customers to make purchases simply by holding their card close to the contactless POS terminal. Currently, if the amount is under €50, you are not required to enter your PIN. However, if the amount is over €50, you will be asked to enter your PIN. For more information click here.


2. How do contactless card transactions change as of 14.09.2019 onwards?

There will be a limit on PIN-less contactless transactions up to the cumulative amount of €150. When the limit is reached, customers will be required to enter their PIN to the POS terminal, even if the transaction is under €50. Each time a transaction using PIN authentication is carried out, the €150 limit will be reset to zero. For example: If you have carried out PIN-less contactless transactions amounting to a total value of €150 and then make a purchase of €22, you will be required to enter your PIN on the POS device. You will then be able to continue your PIN-less contactless transactions up to the amount of €150.
Additionally, in accordance with Article 12 of European Regulation (EU) 2018/389 supplementing Directive (EU) 2015/2366 of the European Parliament, when you electronically initiate a payment transaction at an automatic payment terminal for the purpose of paying a transport fare or parking fee, strong customer authentication is not applied.


3. Does the limit of €50 still apply? Up to what amount can I make a PIN-less contactless transaction?

The limit of €50 for each contacless transaction still applies. For transactions that do not exceed the amount of €50, you are not required to enter your PIN. You will be required to enter it as soon as the total amount of PIN-less contactless transactions exceeds the cumulative amount of €150.


4. Why is there a €150 limit on the total amount of PIN-less transactions carried out by card? I do not wish to enter my PIN in any purchases under €50.

This limit (€150) has been set under the revised European Payment Services Directive (PSD2) and there can be no exception. The Directive aims to make payments more secure, more effective and easier. Under this directive, payment services in Europe are being modernized to the benefit of both consumers and businesses. If you carry out regular card transactions where you enter your PIN, such as cash withdrawals or balance checks on ATMs, or if you make purchases over €50, then you may not be required to enter your PIN for transactions under the amount of €50.


5. Does the €150 limit on PIN-less contactless transactions apply to card transactions both within and outside the European Union?

This applies to successive card transactions only in countries within the European Economic Area (EEA)*.


6. If the €150 limit has been reached in PIN-less contactless transactions, and I carry out a contactless transaction outside the EU, what will happen?

Your contactless transaction using a card outside the EEA will be carried out exactly as before, without being affected by this directive. The cumulative limit of €150 does not apply to transactions outside the European Union.


7. Is the €150 limit of contactless card transactions reset to zero each time a transaction is carried out in which the PIN is entered?

Yes, any transaction in which the PIN is entered in countries within the EEA, at a retailer or ATM, resets the limit to zero.


8. Does the cumulative limit of €150 on contactless card transactions have a time limit?

There is no time limit. Whenever a card transaction that requires PIN is carried out, the balance is reset to zero. E.g. if you have made contactless transactions without entering a PIN, up to a total of €60 in a period of 2 months, then make a purchase whereby you enter your PIN, the limit is reset to zero and the amount starts building up again.


9. I have an add-on card in my credit card. Will I have a single limit with my primary card for the amount of PIN-less transactions?

No, each card has its own limit.


10. I have an add-on corporate debit card. Will I have a single limit with my other colleagues' add-on corporate cards for the amount of PIN-less transactions?

No, each card has its own limit.


11. I have a debit, credit and prepaid card. Is there a single limit for all my cards?

No, each card has its own limit.



*European Economic Area (EEA): EU Member States and Iceland, Liechtenstein and Norway

FAQs - e-Commerce transactions

1. How are online transactions using cards (e-commerce) carried out and how is Strong Customer Authentication applied?

Strong Customer Authentication (SCA) is a payment process that applies to card transactions in online stores in countries within the European Economic Area (EEA)*. At the time of payment, after entering the card details, you will be asked to authenticate yourself via a Piraeus Bank designated platform by using:

  • push notification at Piraeus app or
  • Piraeus e-banking credentials and extraPIN code


2. What should I have with me in order to make an internet purchase?

  • If the Piraeus e-banking service is used, you are required to have Piraeus e-banking credentials, your card details and the mobile phone number you have declared to the Bank.
  • If the Piraeus app is used, you are required to carry your card details and the mobile phone number you have declared to the Bank.


3. I have excluded my card from Piraeus e-banking. Will I have trouble to make an internet purchase?

In order to be able to make an internet purchase with strong identification, you must cancel any restrictions you have given (View Only or Excluded) to your card (debit or credit or prepaid), by selecting "Full Access" in the Piraeus e-banking "Product Settings" menu.



4. How can I get Piraeus e-banking access?

If you do not have Piraeus e-banking access, here you can you can find instructions to register online easily and quickly. To complete your registration you will need to:

  • Have your 16-digit debit card number and your mobile phone number you have declared to the Bank
  • Remember your debit card PIN. If you do not have a debit card, please visit a Piraeus Bank branch.

Alternatively, you may sign up in Piraeus e-banking through any Piraeus Bank branch, with a fee according to Piraeus Bank pricelist.



5. Does the Strong Customer Authentication (SCA) process apply to all Piraeus Bank cards?

The Strong Customer Authentication process applies to all Piraeus Bank credit, debit, reloadable prepaid cards, owned either by individuals or businesses.



6. Does the Strong Customer Authentication (SCA) process apply to online card transactions in countries outside the European Economic Area (EEA)?

The process of Strong Customer Authentication is mandatory for card transactions in online stores established in countries within the EEA (ie an online merchant operating in a member state of the European Union, Norway, Iceland and Liechtenstein).

In countries outside the EEA, Strong Customer Authentication is not mandatory. However, Strong Customer Authentication is applied, if the merchant in these countries supports 3d secure protocol.



7. Can I make online purchases using my card (e-commerce) without Strong Customer Authentication?

For your own convenience, Piraeus Bank will not require Strong Customer Authentication (SCA) up to the amount of €100 for online transactions, under the condition that they comply with the specifications of Bank's security protocols. For amounts over €100 you will always be asked for Strong Customer Authentication (SCA).



8. Does the limit of €100 for card transactions in online stores that does not require Strong Customer Authentication apply to non-EEA countries as well?

The Strong Customer Authentication applies to card transactions in online stores located in:

  • countries within the EEA.
  • countries outside the EEA, as long as the merchant supports the 3d secure security protocol


9. Is there a limit on the number of online transactions under €100 using a card where Strong Customer Authentication does not apply?

No, there is no limit to the number of transactions.



10. I have a debit, credit and prepaid card. Will I have a single limit for all my cards?

No, each card has its own limit.



11. I have an add-on credit card. Will I enter my own Piraeus e-banking credentials?

Yes, you will enter your own Piraeus e-banking credentials and the mobile phone number you have registered when you signed up for this service.



12. How safe is it to register my Piraeus e-banking credentials on an online store where I intend to make a purchase using my card?

Piraeus e-banking credentials are NOT registered in online stores. The credentials are registered on a Piraeus Bank designated webpage. Piraeus Bank applies state-of-the-art systems and recognized security protocols to ensure your secure access to Piraeus e-banking services that safeguard your online transactions based on strict specifications.



13. I use Piraeus e-banking service with limited access. Can I use these Piraeus e-banking credentials in the Strong Customer Authentication process when I make online purchases?

Yes, you can. However, a prerequisite for receiving an extraPIN code by Viber/SMS is to declare your mobile phone number at Piraeus e-banking service.



14. I have issued a virtual business prepaid card through Piraeus Business e-banking service. Since I do not have my own Piraeus e-banking, will I enter my Piraeus Business e-banking credentials when Strong Customer Authentication is required in purchases by card?

Yes, you will enter your Piraeus Business e-banking credentials.



15. I have additional corporate debit as well as additional corporate credit card. Which Piraeus e-banking credentials i am going to enter?

You will enter either your personal Piraeus e-banking credentials or your Piraeus Business e-banking credentials and use the mobile number that has been registered when you signed up.



16. I signed up for Piraeus e-banking, can I now make an Internet purchase?

At least one login to Piraeus e-banking should be made first.


*European Economic Area (EEA): EU Member States and Iceland, Liechtenstein and Norway