For years, individuals relied on numeric combinations entered via plastic cards – known as coordinate cards – to authorize banking transactions.
However, these cards are nearing obsolescence, with some already non-operational, as banks transition to more technologically advanced authentication methods. This shift has not been without criticism, particularly regarding its potential impact on seniors and those less familiar with mobile applications and the internet.
In late July of last year, the Financial Market Commission (CMF) introduced recent minimum security, registration, and authentication standards for the financial sector, initially setting a deadline of August 1, 2025, for phasing out coordinate cards.
Concerns over the limited timeframe for adaptation – even prompting calls for greater flexibility from the Association of Banks and Financial Institutions (Abif) – led the Chilean regulator to postpone the deadline by one year, to August 1, 2026.
Coordinate Cards Phased Out
Despite the extended timeframe, several banks have chosen to accelerate the transition.
BancoEstado began deactivating coordinate cards for new users in November of last year, and extended the discontinuation to another group of customers starting February 6th.
According to the institution’s website, the coordinate cards issued to its clients “will be gradually discontinued,” with instructions sent to certain customers to activate BE Pass – a key-based system – or BE Face – facial recognition for transaction authorization.
Banco Santander has also informed its customers that this transaction method will be inactive starting March 9th.
Conversely, Banco de Chile has stated it will adhere to the CMF’s maximum deadline.
Public Reaction
The CMF’s directive, while based on the need for enhanced security, quickly drew criticism from the public. “It’s difficult for seniors to leverage apps for payments. The card was useful for doing it remotely,” read a comment reported by BioBioChile at the time.
Individuals interviewed by La Radio this week indicated that they had already deactivated the cards when the initial announcement was made. “I have that problem, I’m ‘digitally ignorant’,” one person lamented.
When amending Rule No. 538, the Financial Market Commission stated the measure aimed to “facilitate the transition to more robust authentication mechanisms, which help mitigate the risk of fraud for population segments that heavily rely on these printed media for their transactions.”
The move signals not only the end of the card, but also the mandatory implementation of Strong Customer Authentication (SCA) in certain cases, starting in August of this year.
What is SCA? It’s a process requiring the use of at least two independent and different authentication factors.
These factors include “something the user knows,” such as a password or personal identification number; “something the user possesses,” like token devices or portable cryptographic keys, one-time keys, payment cards, or mobile phones; and finally, “something the user is,” referring to the use of fingerprint or facial, voice, or behavioral data.
SCA will be mandatory for electronic fund transfers starting this August, “in all requests and modifications that allow the transaction, such as information associated with recipients and contracting recurring payments, among others,” according to the resolution.
For example, when sending $25,000 to a family member, the bank’s application may first request the typical security key – the “Pass” type – but also a one-time key via message, a fingerprint scan, or a facial scan. Some institutions already have these mechanisms in place for conducting operations.
This security method will also be required when a person becomes a bank customer, when entering personal data, changing passwords, and/or modifying security devices.
