The industry-wide move to require PIN at Malaysian point of sale (POS) as a form of customer verification for Malaysian credit, debit, charge and prepaid cards will start from mid-2015 as signature cards will be replaced with PIN cards. From 1 July 2017, signature will no longer be accepted on Malaysian payment cards for domestic transactions.

What is PIN?

A PIN, or Personal Identification Number, is a secret code that is either assigned to, or selected by customers to prove that they are the rightful owner of the payment card. PINs for Malaysian cards have six digits.

Why is PIN safer than signing?

PIN usage can help protect against fraud due to lost or stolen cards, because the card and the PIN are required to make a payment. This is why customers must always keep their PIN secret.

Do I need to change my POS terminal?

Yes. Your point of sale terminal software needs to be updated to enable prompting for PIN. This terminal software update will need to be completed before 1 January 2017.

Will customers receive new cards?

Yes, all customers will need to be issued with new cards because current cards do not support PIN for payment. Customers who have yet to receive new PIN cards will continue to pay using signature. All credit, debit, charge and prepaid cards in Malaysia will need to be replaced by 1 January 2017.

What happens if my terminal has not been updated yet and customers come with a PIN card?

It will process new PIN cards without prompting for PIN just like it does for existing signature cards, and the customer’s signature will need to be verified.

Can customers ask me to enter their PIN for them?

No. For security reasons, the customer’s PIN must never be shared with anyone, not even the employees of the card issuer.

What happens if customers enter the wrong PIN?

Before 1 July 2017, signature will be allowed if customers cannot remember their PIN. This is called PIN bypass.

PIN bypass is activated by pressing OK or Enter, depending on the terminal, instead of typing the PIN. Assist customers to use PIN bypass but only if they have forgotten their PIN. PIN bypass is not supported for contactless transactions. To bypass PIN if customers forget their PIN, perform a new transaction by inserting the card.

After 1 July 2017, PIN bypass will no longer be allowed for Malaysian cards and they will be automatically declined if PIN is prompted but not entered.

What if customers have not received new cards with PIN?

Before 1 July 2017, a terminal that has been upgraded for PIN will continue to accept signature cards and will not prompt for PIN but the customer’s signature will still need to be verified. After 1 July 2017, signature-only cards will no longer be permitted to be used in Malaysia.

Can a foreign signature card be accepted in Malaysia after Malaysia migrates to PIN & PAY?

Foreign issued signature based payment cards can still be accepted in Malaysia, and the transaction will be authorised with signature.

Do all transactions at my POS terminal need PIN?

No, not all transactions at point of sale will need PIN:

  • Low-value contactless transactions for amounts below a certain limit do not require PIN.
  • International transactions (with cards issued by banks outside Malaysia) may be approved with signature and not require a PIN.
Can customers still use the contactless option?

Yes. If the contactless card has a PIN, the terminal will prompt for PIN after the card is tapped on the contactless reader for transaction amounts above a certain limit. However, low-value contactless transactions do not require PIN or signature.

How will I know when PIN is required?

All you need to do is follow the prompts on the terminal. The payment terminal that is reading the card will determine if a PIN is required and if so, it will prompt for a PIN.

What if customers are not prompted to enter a PIN?

They will be asked to sign to authorise their transaction. Note that low-value contactless transactions for amounts below a certain limit will not require a PIN or a signature.

If I run a café, bar or restaurant business, what does this mean for me?

PIN transactions require customers to complete their payment where the terminal is physically located. For convenience, you may want to upgrade from a fixed-line terminal to a portable terminal.

Will PIN be used to make card transactions through the Internet or over the telephone?

No. The PIN that customers use at point of sale terminals or ATMs must never be entered into the Internet or provided over the telephone.

How can customers add a tip/gratuity in a restaurant?

Most terminals at restaurants should display the amount that customers are paying and ask if they wish to add a tip/gratuity, before prompting for PIN. Customers should simply follow the display prompts.