Chilean banks are phasing out decades-old security cards, known as “tarjetas de coordenadas,” in favor of more robust digital authentication methods, a transition that is raising concerns for elderly citizens and those with limited digital literacy. Even as the official deadline for eliminating the cards was pushed back to August 1, 2026, several institutions, including BancoEstado and Santander, have already begun disabling them for certain customers.
The move stems from a decision by the Comisión para el Mercado Financiero (CMF), Chile’s financial market commission, to implement stricter security standards for financial transactions. Initially, the CMF mandated the conclude of the cards by August 2025, but the timeline was extended following criticism that it did not allow sufficient time for adaptation, particularly among vulnerable populations. The CMF stated the change aimed to “facilitate the transition towards more robust authentication mechanisms” and mitigate fraud risks, especially for those heavily reliant on the physical cards.
BancoEstado began deactivating the cards for new users in November 2025, and expanded the phase-out to another group of customers on February 6, 2026. The bank is directing customers to activate BE Pass – a key-based system – or BE Face, which utilizes facial recognition, to authorize transactions. Santander followed suit, announcing on March 9, 2026, that the card method would no longer be available for its transactions. Banco de Chile, however, intends to adhere to the CMF’s final deadline of August 1, 2026.
The shift has sparked debate among citizens. Concerns center on the potential for excluding those unfamiliar with smartphones and online banking. “It’s a bit difficult for older adults to use apps for payments. The card was useful for doing it remotely,” one individual commented to BioBioChile last year, reflecting a sentiment echoed by others. A recent survey of Santiago residents revealed similar anxieties, with one person lamenting, “I had already cancelled [the card] the first time they said it would end… I have that problem, that I’m a ‘digital ignoramus.’”
The transition coincides with the mandatory implementation of Strong Customer Authentication (SCA), or “Autenticación Reforzada de Clientes” (RCA), beginning in August 2026. The RCA requires users to employ at least two independent authentication factors. These factors fall into three categories: something the user knows (like a PIN or password), something the user possesses (such as a token, mobile device, or payment card), and something the user is (biometric data like fingerprints or facial recognition).
Under the new regulations, RCA will be required for electronic fund transfers and modifications to transaction settings, including adding new recipients or setting up recurring payments. For example, when attempting to send 25,000 Chilean pesos to a family member, a bank application may now require not only a standard password but also a one-time code sent via SMS, a fingerprint scan, or facial recognition. The CMF’s changes also apply to new customer onboarding, password changes, and security device modifications.
