MPs push banks to take responsibility (at last)
Interesting times we live in. While contactless cards may have changed the way that entire populations spend their money, there has always been that element of society that looks to exploit weaknesses in the system for their own gain. Contactless cards represent a huge opportunity for such individuals.
So it should come as no surprise that the UK's Financial Conduct Authority is co-ordinating an initiative to address the risks of fraud on contactless cards that have been reported as lost or stolen.
The UK's contactless card programme was derided as 'chaotic' by consumer groups and MPs after it emerged that customers can still be subject to fraudulent transactions up to eight months after reporting lost or stolen cards. An investigation by consumer Website moneysavingexpert.com in September last year discovered that customers, whose cards had been cancelled still needed to comb through months of statements to check for fraudulent transactions.
The issue was taken up the UK's Treasury Select Committee, which wrote to the FCA demanding that banks take action. Andrew Tyrie, chairman of the Treasury Committee, said, "As things stand, in order to mitigate the risk of fraud, customers are expected to comb through their bank statements months after they have instructed their banks to block their lost or stolen cards. That seems unreasonable. The Treasury Committee has urged the FCA to sort this out. So the package of measures to resolve this problem, which the FCA proposes in their letter to the committee, is welcome."
In a letter to the Treasury Committee, FCA chairman John Griffith-Jones points out that while the risk to consumers remains relatively low at just 0.5% of all contactless transaction, “we agree that public confidence could be eroded without further action". The key risks to consumers occurs from transaction at retailers who process payments offline, which affects some 45% of all card purchases. "Some, but not all card issuers, have systems that identify and block all cancelled card transactions before they are debited from customer accounts," says Griffith-Jones. "This is one of the solutions that we would like see adopted by all card issuers."
Other measures entail removing the onus on customers to identify fraudulent transactions and raising awareness among retailers of the Industry Hot Card file, which contains information on over 7.2 million UK cards which have been reported lost, stolen or compromised.
Tyrie commented: “As things stand, in order to mitigate the risk of fraud, customers are expected to comb through their bank statements months after they have instructed their banks to block their lost or stolen cards. That seems unreasonable. The Treasury Committee has urged the FCA to sort this out. So the package of measures to resolve this problem, which the FCA proposes in their letter to the committee, is welcome."
Rachel Reeves, a member of the Committee also welcomed the moves adding, "The security flaws that allow fraudsters to use contactless cards even after they have been cancelled need to be tackled urgently. Customers are in the unacceptable situation that they are still vulnerable to fraudulent transactions - despite reporting their cards lost or stolen.The current chaotic system needs to be reformed to minimise the risk to consumers of fraudulent transactions. Bank customers must have full confidence the system works and that their money is safe. That's not the case at present."
The issue generally lies in contactless card payments being processed in one of two ways - online or offline. When payments are processed online, the card and payment machine immediately communicate with the customer's bank. If a lost or stolen card has been cancelled, this will be flagged immediately and a payment not allowed. Offline payments are stored in batches by retailers and processed online to the bank at a later point, sometimes a few days later with smaller stores. This can allow a thief buying goods on a stolen card to go undetected.
But fraudsters can be tripped up, if the contactless card has been used the maximum number of times before a pin is required. The limit before a pin is required varies between card issuers and account types. Firms may also set a "floor limit" at which payments are forced to go online - meaning anything above a certain amount is checked out immediately with the issuing bank. Some cards may always have to go online.
The letter released by the Treasury Committee also says that later this year, Visa will require that almost all Visa contactless transactions in the UK are online authorised. Given Visa's large market share, it is likely this will significantly reduce offline processing of contactless transactions, correspondingly reducing contactless card fraud, the letter said.
We agree…
Steve Atkins
Contactless Intelligence
![]()
