Immediately following the announcement by the UK Treasury of the increase in the contactless limit to £100 on the 3rd March 2021, the BBC ran a news article1 explaining the impact of the change. Within a few days nearly 2,000 comments had been left on the BBC news page and a significant number of the commentators were far from supportive of the move. Some asked how they could opt out of the increased limit whilst others were even wanting their issuer to exchange their existing card for one without a contactless capability. Why is this? Why hasn’t the increase been universally welcome? Most concerns point directly to a consumer perception around a lack of security.
Without a doubt one of the big success stories within payments in recent years has been the adoption of contactless cards, with even the US market now issuing more dual interface, contactless cards than any other type. The reason is simple, the convenience and speed of simply tapping to pay makes the whole payment process quicker and easier.
Then Covid came along and turbo-charged the contactless use case as consumers, after weeks of being told to wash their hands for 20 seconds, started to shun the PIN terminal. The £30 limit was raised to £45 and the contactless transaction rates shot up, culminating in 88.6%2 of in-store card payments now being recorded as contactless. The revolution had started and the future of the PIN as a popular authentication method brought into question.
From their introduction in 2007, there has always been an underlying consumer perception around a lack of security with contactless cards. Not surprisingly, following the campaign to bring in Chip and PIN as a far more secure authentication method than signatures, the idea of no authentication was bound to raise a few questions. The stories of a fraudster walking around busy markets with a POS terminal simply clocking up phantom sales proliferated, and never really went away.
To combat this the consumer was reassured by limiting the single transaction value and including a maximum total on contactless transactions before a PIN must be used. It worked, with consumers adopting the product and contactless fraud hardly registering3. In other words, the potential value of a card to a fraudster wasn’t enough to drive any significant increase in contactless card fraud. On this basis it seemed reasonable to raise the limit to £45, in April 2020, and now to £100.
With this most recent increase in both the single transaction value and the total contactless transaction value the contactless limits have been increased by 2.2 and 2.3-fold respectively – a significant change. Does this change the game for fraudsters? Judging by the response of the BBC, it has certainly resurfaced those long held, underlying security concerns.
The justification of these rises is in part down to the previous limit rises having no corresponding increase in contactless fraud, in fact some issuers reported a decrease. However, my concern is that these results have not been based on the experience of the real world, they’ve literally been masked by Covid. With the country largely locked down (or at least with services severely restricted) for much of the period around the increases, the opportunity to steal cards had been all but eliminated. A lack of attention on a busy train, an unattended wallet, a card dropped accidently, etc. have all been situations that have drastically reduced thereby cutting the fraudster’s opportunity. Only time will tell whether the £300 total limit will be enough to put fraudsters off but in the meantime, there is a need to address the consumer confidence issue.
The obvious way to get all consumers embracing this new contactless limit is to introduce some form of authentication for contactless card payments. Whilst some will argue that mobile payments will do this it ignores the fact that most consumers prefer to use a physical card4 in-store and will continue to do so for the foreseeable future. The answer is the biometric card, a technology that has come of age at the perfect time. With this product not only are the security concerns addressed but the opportunity to never need touch the POS again becomes a reality.
Issuers need to act now to drive confidence and build on the success of contactless payments during the past year by responding positively to consumers’ security concerns. The biometric payment card is the answer.
Views expressed are my own.