Credit Card PIN Number Changes In Australia: Everything You Need To Know

From 1 August, you'll no longer be able to use a credit card in Australia purely based on the signature: it will have to use a PIN (personal identification number) instead. Here's why this is changing and what you need to know.

Credit card picture from Shutterstock

So what's changing with my card? Currently, people paying with a credit card have the choice of using a PIN or signing for credit card purchases. If you pay with an EFTPOS card, you need to use a PIN number.

That will change come August, when PINs will become the primary form of authorisation for cards. You'll no longer be asked "PIN or signature?" when you make a purchase; you'll be expected to enter the PIN. The change isn't happening until then to ensure that EFTPOS/credit card readers can be updated.

But I've had a PIN for my credit card for years anyway . . . Indeed: it's because PINs are now so widely used that it's possible to make this change without expecting too much disruption.

What about payWave or PayPass? The one exception to the PIN rule: for purchases under $100 using a contactless system, the PIN isn't needed. (This is the same approach that's in place now — you trade off security for convenience.)

My card doesn't have a PIN, or I've forgotten it. Contact your bank/building society/credit union to set or reset it. Some institutions offer the ability to do this via online banking or over the phone. The PINwise site has links for this process for the major banks.

Is a PIN really more secure than a signature? Yes. If someone steals your card and it's only secured by your signature, they can easily practise it until it's easily replicated (assuming anyone even checks in the first place). If you don't know the PIN, the payment won't go through.

That doesn't mean a PIN is perfect. If you record it with something that you regularly carry with your card, then someone can still use it if they steal it. (Don't try the "conceal it in a phone number" trick, that's easy to crack). As ever, if you card is misplaced, notify your institution immediately.

What about visiting tourists with signature-only cards cards? In theory, tourists will still be able to authorise a payment using a signature if they have a credit card issued by an overseas provider. In reality, experience suggests a PIN is likely to be required in some circumstances, depending on the payment terminal and bank. (Similar rules have been in place in European countries for some time and signature -only Australian cards often can't be used there).

A side note for Australian tourists: some banks offer the option of using a PIN that's longer than the standard four digits. While this can be harder to guess, those numbers won't always work overseas, as some banking systems only accept four digits.

Lifehacker's weekly Loaded column looks at better ways to manage (and stop worrying about) your money.

WATCH MORE: Tech & Finance News

Comments

    How this wasn't already the standard is beyond me.

    Coming from the hospitality industry's POV, I have a feeling that tip amounts overall will go down come August

      Would you like to expand on that seemly unrelated comment? I don't see how using a PIN instead of a signature will make a difference to whether a person tips or not.

        The less prompts for a tip the less likely they are to get. My GF used to work a a bar many moons ago, if you ran out of the little plates to give people their change in at your station you would expect your tips to more than halve, basically the act of picking up the money changed made it much 'easier' to give a tip than to get your change and hand over some cash.

        Cards are much the same, i generally pay on card and give my tip on the tip line when i sign, if it isn't there i need to either go to the terminal or hopefully have cash on me to separately pay, there are more barriers to tipping now.

          It's nice that you tip... and I understand that in some parts of the world, you probably should... however, when a lot of them earn the same as I do in retail, here in Australia, I don't feel the need to. I think the pins are a great idea and should have been mandatory a long time ago.

          I tip in America because I am provided with good service and it is expected here.

          In Australia I rarely if ever tip because I do no receive the same service ever.

        If you no longer sign - they no longer bring you your receipt and you no longer get the chance to add the tip.

        Restaurants will need to find an alternative way to bill customers - even potentially bringing the EFTPOS unit to the table at time of payment - and somehow finding an unobtrusive way to allow patrons to tip.

        How will this work - I have no idea.

          Silver Service is definitely going to take a hit in the 'class' stakes. Bringing an EFTPOS machine out is much less sophisticated than a tasteful, thin leather wallet to place card and receipt in. :P

          I was in London in October, and at pretty much every restaurant they brought the EFTPOS unit to the table. They present you with the bill (where you can add / ammened tip) then come back with the EFTPOS unit for payment.

          There are credit terminal institutions that provide pay-at-table options where they can bring out the terminal and you enter the tip directly into it.
          Also means better security of your card because it never leaves your sight

          Many PINpads have tipping functionality built in.
          What this means, is that when you're using the PINpad (insert card, enter PIN), one of the prompts that will appear will be "would you like to add a tip?". You can enter it the same as you might enter cashout.
          This option needs to be enabled, but you should see that in industries where tips are expected or common that option will be turned on.

          Disclaimer: I work in the industry. Our terminals support tipping.

        fair question. but paypass kind of answers the questions. You can still recive the bill with a tip line and then place your paypass enabled card onto the plate

      Considering that tips are not a requirement in Australia, you should not be depending on them. Can we not pick up this one thing from America?

        I eat out 2-3 times a week. We only tip when we get good service and food. If something is not right then we don't tip. For us it's a thank you to the people that made going out worthwhile.

        We've also found that by tipping you become recognised regulars much quicker - ensuring faster service and a few perks. Like invites to the chef's table, free tasting plates and a walk through of some fantastic wines by a fantastic Sommelier. Though we even at our regular haunts they know we don't tip if something goes wrong.

    Some of us deliberately pay by signature to avoid losing our PIN. I paid by PIN at a Cronulla food place and within 24 hours, my bank account was emptied at ATMs near Cronulla, by someone who'd obviously stolen my PIN and crafted a fake card. With a signature, well, at least they wouldn't have gotten cash.

      One should always consider there is a camera trained at the pad and cover your hand. This should be at the ATM as well as the Card Machine.

      I also note that this sort of skimming is less possible if you use the chip rather than the stripe wherever possible.

        I have a hard time seeing the buttons if I cover my hand.

      Sorry this happened to you Barb, but simply having your PIN stolen via someone watching you/hidden camera wasn't your problem. Your card more then likely was swiped through a skimmer, and that's how they got your information. Getting your pin number yes was easier for them to get the cash, but if you have a visa debit/credit card, they would have just gone online anyway and used it to purchase goods online.

      Jayd defiantly has the best information for you. Use the chip and not the magnetic strip, DON'T use paywave, and cover your hand when you are entering in your pin number. If you are even more worried, anticipate how much you are going to spend on a night out, and carry the cash on you, and ONLY bring the cash out when you are going to pay.

      As someone who has been in retail for over half their life, over 15 years, this is finally good news! The amount of people that are stunned that I ask to match the signature on their card is amazing. This makes me feel better working in retail that at least customers will have better security.

      And the banks bleat on about fraud being the reason for the changeover to pin! How about the money they save by not having to reconcile the signed receipts being passed on to customers!! Never believe what the banks tell you!

    About time, this has been the standard in many overseas countries for a while now. I wonder how it will work with home delivery pizza or Chinese where they take your CC number and manually process the payment

      They'll probably need your CCV.

        I used to moonlight as a delivery driver for a gourmet pizza place. They started requiring the security code to process payments over the phone some time ago now.

    I'm all for the PIN, I've never actually signed for anything to be honest but I think the one reason people still use it is to steal a card and actually use it with a signature involves having to go into a shop, speak with a person, make a purchase and sign a copy. This introduces a bit more physical security, witnesses etc.

    I'm all for the pin as well however for all the elderly folk out there this could be a problem. Working in retail I see first hand that many many elderly people still use the 'good old fashioned' signature. If they are required to use a pin, many will not remember it (due to their age) and will have to keep it written down in there wallet or similar with their card - and this obviously is not very secure...keep and eye on your wallets folks!

    Last edited 22/01/14 12:51 pm

    @AngusKidman Please stop saying "PIN number". It's a pet hate that almost made me not click the title.

      I'll remember that next time I'm at the ATM machine.

      How about PI Number? (Pronounced Pee-Number). Would be fun to tell my Subway "Sandwich artist" that I wish to complete the transaction with a pee-number.

    I just can't wait for American tourists to try and grasp this concept. They already struggle with the question "Pin or sign?".

      Forget about saying chip in reference to a credit card

    PIN Number, PIN Number, PIN Number, ATM Machine, ATM Machine, ATM Machine

    The introduction of a compulsory usage of a pin is to increase the profit of the banks and card issuers. It has nothing to do with helping the you or me - the card user.

    With a signature, if it was not your signature, the card issuer bank reversed the entry and it did not cost you anything. It cost the card issuer banks plenty.

    With a pin number we, the card users, are totally liable for everything charged on the card. The assumption by the card issuer banks is that if your card is used by someone else you must have recorded your pin number and left it in your wallet/purse. Therefore we (card users) are at fault.

    More money for banks. Hooray!

      So... you're advocating for signature, despite the issues outlined above?
      Next you'll complain when they want to eliminate magstripe -.-

      Actually it costs the Merchant, not the banks. If the transaction is reversed the Merchant loses the money, not the bank.

      PIN transactions can still be challenged - it is just a lot harder than saying "that's not my signature".

      i notice this is conveniently left out of alot of the information going around today.
      its up to the banks to prove its your signature, its up to you to prove you didnt use your pin

      I'm glad someone else has pointed this out as I was coming here to do just that!

      Where once you had recourse for fraudulent transaction when your card was stolen, now the banks can get away with not refunding that money. Sure, the thief has to get your pin, but that's a lot easier than the banks make it out to be, and certainly easier than forging your signature.

      A money grab in disguise. Bank profits will just keep on growing while we happily let them let them.

      The more you can use cash, the better. Though how long that will last...

        I totally agree with the previous threads that a signature is better than having a pin. The statement by the banks that its a 1 in 10,000 chance that your pin can be copied is no reassurance that your identity will not be stolen Australia has a population of 22 Million plus so do the maths ( 2200 can rip your pin off at any time, now calculate it with the rest of the world). Already there are enterprises overseas that concentrate on stealing Pin numbers and ID.
        Quite correctly put, the banks will no longer be liable for your credit card fraud. I have an overseas account and credit card facility in the USA. Whenever I do a transaction there, even with a pin number I am asked for an ID whether it is my driving licence or passport or identity card as a safeguard for both the merchant and me the customer. Sure have a Pin number but have someone check its your card.
        Seriously its the banks that are insisting on this and are going to come out on top (as usual). My question is why does American Express and Diners Club have to join the lunacy, their system works around the world why does it have to change just in Australia.
        Non accountability and greed perhaps??? :)
        I guess I will have 2 choices, join the trusting mindless sheep that are our countries inhabitants, or cut up my Australian credit cards.
        I would prefer the latter.

      This is SUCH A NIEVE VIEW. Wow, they are taking the signature away to increase profits? You obviously have never heard of how charge backs work do you? Let me educate you.

      You notice a transaction on your statement that you know you didn't run through. You call up the bank to challenge it. What happens is that they contact the place of purchase, and ask them to provide a copy of the credit card signature, which they should be keeping and filling away. If they are unable to provide it, or if the signature is incorrect, the place of purchase LOOSES THE MONEY AND THE GOODS. The customer gets the money back, and the bank gets nothing out of it.

      And why not put the onus on us, the consumer? We are already responsible for many pin's and passwords in our life. Your EFTPOS pin is your responsibility. Your mobile phone number pin is your responsibility. Your password that you use to log into your computer at work... YOUR RESPONSIBILITY.

        I'd hate to be the spelling police, but "NIEVE" is an absolute howler. It's NAIVE!

    The next question is: is there a reason why we don't allow PIN Numbers (heh) longer than 4 digits? Sometimes a 7 digit number is easier to remember because it's more familiar to you..

      CommBank supports PINs between 4 and 12 digits in length - while the ATM may only ask for four when prompting for a change, I've typed six in with no problem.

      You can also change your PIN in NetBank or the mobile apps - put 12 digits in if you like ;-)

      More importantly, why don't they just let us set proper passwords?

    Good now next step. get rid of the magnetic strip.
    Make it chip only. then no one can skim the card.

      Won't be long before they figure out how to skim the chip.

        I don't know exactly how the security on the chip works, but I expect it would be similar to a SIM card, where the network issues some plaintext, and the chip has to encrypt that with the secret key stored in the chip, and then send it back. The only simple way to get the secret key out of the chip is with a known plaintext attack, and after the first version of SIM cards, requesting the encryption process often enough to determine the key in a practical amount of time causes the chip to brick itself.

        The only other way I can think of would be to open the chip up in a clean room, with absolutely no UV light around, and very carefully examine what's stored on it with a scanning tunnelling microscope. Of course, if you have access to this kind of equipment, do you really need to crack people's bank cards?

          I imagine the chips are pretty secure. PayWave/PayPass is a different story though. It took a little googling but only about 20 minutes of coding to whip up an app that runs on the trusty Nexus 7 to scan my PayPass details via the NFC reader. No decryption required, just a little bit shifting to get enough info to use in an online purchase.

          Last edited 23/01/14 7:02 pm

    What about transactions over the phone or internet??
    If the card can still be used over the phone without pin or sign then what is the point??

    On the last point - I have a 10 digit pin on my commbank eftpos card, and to use it in Europe I could just put in the first four numbers. A bit odd, but worth a try if you can't get it to work.

    A $100 is a LOT to a Pensioner. The Pin has been in use for over 25 years.It never disappeared to my knowledge. I used to sign Bugs Bunny and Fred Flintsone and no one would ever check and I stil got my goods. I HATE pass Pay, it should be outlawed. I can simply steal some guys card and go around and run his credit card up and as long as I do under $100 transactions I won't get caught.I applied to restrict my Credit Cadr liability down from $8,000 to $100 and the NAB said it would be a $300 minimum and later changed that to a $500 minimum so I couldn't reduce my limit.Years ago, I had a limit of $5,000 on Westpac and dropped it to $1,000 for security reasons and later asked for it to be re-instated.The bank manager stalled and stalled so I insulted him and my credit never got extended.I changed banks and they couldn't give me enough credit.Now I am well off I don't use them unless undrr an emergency I use a Debit Card cos it is more secure

    When someone uses your signature - it's fraud. Letting this legal deterrent slip for the sake of security is problematic. This is why secure wireless technologies need to replace both signatures and PINs.

    If you've spent any time in retail, you'll find a huge number of people don't even bother to sign their cards. At Xmas time, they go shopping with credit cards they haven't used in a year and have no clue about what the PIN ever was. I predict some interesting retail moments next Xmas when customers have to leave their goods at the counter because they can't use their cards.

    I did in fact cover my hand. The POS box was apparently compromised.

    wah, I never once claimed I was a stupidass who let someone else see me enter my PIN. The problem is that it was a compromised POS box that stole my details. AND, BTW, didn't charge me for the food -- so it never even submitted the transaction, apparently.

    I have a chipless AMEX card and have requested AMEX for replacement card which they will happily send by March next year. So my understanding is that I can't use my card as they won't supply PIN's for chipless cards - did I get that right

Join the discussion!

Trending Stories Right Now