• Ian Johnson, SVP/Managing Director Europe at Marqeta


• 10.05.2021 09:15 am
payments , Fraud Management

The widely anticipated new £100 contactless card limit has now been unveiled as part of the 2021 budget for the UK. The new limit is designed in part to be a ‘morale boosting’ break from EU laws, and will be welcomed by many. It would be irresponsible, however, for the UK to get swept up in a show of post-Brexit autonomy and raise the limit without recognising the risks.  

Most pressing is the question of security. Upping the limit provides a more convenient experience for consumers and gives them less need to touch pin pads, which is a big plus amid a pandemic. But any new convenience afforded to a card owner will also be afforded to whoever else might get their hands on their card.

A higher contactless card limit makes it significantly easier for fraudsters to spend large sums of money in one swoop, as a pin will only be requested intermittently, depending on the cap on the number of contactless transactions set by the card issuer. As a pin is not requested for every transaction, fraudsters could potentially make off with hundreds of pounds if the new limit is approved. 

Trusting consumers to quickly notice and cancel a lost card seems like the obvious way around this problem. Not so. Research suggests that while 1 in 20 adults lose their card every few months, only 23 percent cancel immediately. People frequently lose a card without realising, fail to check their statements often enough to spot irregularities, or simply procrastinate and put off  the simple admin of canceling a lost card. This hands fraudsters gaping windows of time to exploit, and leaves banks bearing the brunt of the cost of fraud.

The contactless experience at the point of sale is clearly and widely socialised and expected. The answer isn’t physical cards though. Digital wallets and virtual cards offer the same convenience, with no security risk. For one thing, increased digital wallet use makes the current spending limit debate irrelevant: Apple Pay and Google Pay have no spending limit, although merchants can still choose to set one.

Despite some lingering resistance to making payments on the phone, digital wallets offer greater security than physical cards. Physical cards are protected by the occasional request for a pin number, digital wallets are protected by a mobile phone’s built-in biometrics. A fingertip is much harder to steal or clone than a plastic mag strip. Even if a criminal successfully stole a phone, the cards stored virtually within it would still be protected by a face or finger ID requirement. With more than 80 percent of UK adults owning a smartphone, ubiquitous and secure contactless payments are at our fingertips.

Of course, privacy concerns must be addressed. Digital wallets suffer from misunderstandings around how data is used, which could be holding some back from fully embracing Apple Pay or Google Pay. This likely stems from a lack of trust in big tech, with people in the UK three times more likely to trust their bank compared to tech giants.

Part of this is a lack of awareness that payments processed through a mobile wallet are tokenized, with a customer’s primary account number replaced with a sequence of randomly generated numbers. This allows a transaction to be processed without exposing bank details. Apple Pay says that it doesn’t retain any transaction information that can be tied back to individuals, and Google Pay asserts that it never sells transaction data or history to third parties

The key to seeing wider adoption of digital wallets will be educating consumers about the benefits and increasing confidence with consumers that their information will not be misused. If this can be done, it will offset the rise in fraud we’ll likely see when the new contactless limit arrives. 

Raising the contactless limit to £100 is not a bad idea – it’s just fraught with risk. To make it successful, banks and big tech alike must educate consumers that, with digital wallets, they can have their contactless convenience and security too.