Your browser isn't supported
It looks like you're using an old web browser. To get the most out of the site and to ensure guides display correctly, we suggest upgrading your browser now. Download the latest:

Welcome to the MSE Forums

We're home to a fantastic community of MoneySavers but anyone can post. Please exercise caution & report spam, illegal, offensive or libellous posts/messages: click "report" or email forumteam@.

Search
  • FIRST POST
    • adonis10
    • By adonis10 12th Sep 17, 7:30 AM
    • 1,477Posts
    • 194Thanks
    adonis10
    Contactless payment over /30
    • #1
    • 12th Sep 17, 7:30 AM
    Contactless payment over /30 12th Sep 17 at 7:30 AM
    I have a contactless transaction on my credit card for 36/32.42 but was sure that the limit is 30 in a single transaction. The vendor told me my payment declined and so I used another card so have been charged on both. Can contactless be used for over 30?
Page 2
    • adonis10
    • By adonis10 12th Sep 17, 1:09 PM
    • 1,477 Posts
    • 194 Thanks
    adonis10
    A lot of people use this argument but how many people do you know who have actually had money stolen due to contactless payments?. It doesn't happen hardly at all and when it does happen people get all their money back. If it was actually a big problem then the banks wouldn't be pushing contactless so much and agreeing to refund any fraud immediately.



    I can guarantee you will not be able to find even one case of someone skimming contactless cards to steal money. Even if someone was silly enough to try this they would need to have a card reader and a merchant account to collect the money. But as soon as a few people reported the lost money they would be very easy to track down and prosecute. Also considering that it takes a few days to receive the money from a card payment they would likely be stopped before they got a penny.

    So there are lots of scare stories but in reality your very unlikely to be affected it.

    The real benefit of contactless is places such as the london underground where there is a high throughput of people and allowing devices such as watches and mobile phones to be used to make payment.

    But when it comes to card payments then why should we have to enter a pin when it isn't needed. The pin doesn't protect the user of the card it only protects the bank and they can use it to prove you made a transaction if you question it. If there is any fraud the only party to loose out are the bank so if they say we don't need to use a pin for some transactions then i'm certainly not going to complain.
    Originally posted by takman
    Good points, well made.

    I don't have the stats to back it up but I find it hard to believe that there has not been a significantly higher amount of fraudulent transactions using contactless v chip and pin. I also imagine that the banks would only release information to make the system sound positive, or manipulate the reality to make it sounds positive. But that would mean banks manipulating something for their own benefit and I cannot believe they'd ever do that.
    • cloud_dog
    • By cloud_dog 12th Sep 17, 1:45 PM
    • 3,254 Posts
    • 1,816 Thanks
    cloud_dog
    So there are lots of scare stories but in reality your very unlikely to be affected it.
    Originally posted by takman
    Au contraire Slackbladder, I've been affected.

    The bank trapped it so, obviously their monitoring software is very good, and I wasn't financially adversely affected. The CC company wouldn't confirm how the fraudulent transaction was instigated. It was a new card and the first contactless payment card (from Tesco CC) I'd had.

    The annoying thing was that I was then without the CC for 7 days whilst a new one was organised.
    Personal Responsibility - Sad but True

    Sometimes.... I am like a dog with a bone
    • takman
    • By takman 12th Sep 17, 1:58 PM
    • 2,825 Posts
    • 2,360 Thanks
    takman
    Au contraire Slackbladder, I've been affected.

    The bank trapped it so, obviously their monitoring software is very good, and I wasn't financially adversely affected. The CC company wouldn't confirm how the fraudulent transaction was instigated. It was a new card and the first contactless payment card (from Tesco CC) I'd had.

    The annoying thing was that I was then without the CC for 7 days whilst a new one was organised.
    Originally posted by cloud_dog
    I didn't say nobody has been affected by it so i'm not surprised someone from this vast forum has!.

    But what exactly happened? Did the card get lost or did you still have the card and just received call out the blue saying there was a fraudulent contactless transaction?
    • cloud_dog
    • By cloud_dog 12th Sep 17, 3:15 PM
    • 3,254 Posts
    • 1,816 Thanks
    cloud_dog
    Just received a call from the call centre out of the blue.
    Personal Responsibility - Sad but True

    Sometimes.... I am like a dog with a bone
    • Robisere
    • By Robisere 12th Sep 17, 3:37 PM
    • 1,850 Posts
    • 2,644 Thanks
    Robisere
    It's not the card that's unsafe, it's usually the account holder not taking sufficient care of it. Mine is removed from the RFID-proof wallet, used and put back immediately. I keep every receipt until the payment is taken, then shred them. And I have one arm restricted, due to mobility problems.

    2 weeks ago I had to call after a young man who left his card on the counter at Superdrug.
    There may be more than one way to skin a cat.
    But the result is always inedible.

    • sccooter
    • By sccooter 3rd Nov 17, 12:28 AM
    • 13 Posts
    • 3 Thanks
    sccooter
    like Robisere says above you can get special wallets that shield your contactless cards until you take them out that might be helpful. example below:
    https://youtu.be/5C574p2uPII
    • glennevis
    • By glennevis 3rd Nov 17, 1:02 AM
    • 123 Posts
    • 86 Thanks
    glennevis
    Money saving tip. For about 10p each (pack of 25) I got RFID blocking plastic sleeves to store my contactless cards in. The edges of the sleeves can be trimmed with scissors so the cards still fit in my existing wallet. A lot cheaper than a new wallet.
    • AllieKat
    • By AllieKat 3rd Nov 17, 9:05 AM
    • 7 Posts
    • 4 Thanks
    AllieKat
    So the card can be cancelled but still used for contactless payments? That is outrageous. How on earth was contactless brought in with such a flaw?
    Originally posted by adonis10
    As noted above, it isn't a flaw, but no one seems to have really got into the 'why?'

    When contactless was first introduced, terminals were generally connected by dial-up lines and took ages to process. The idea of running all contactless offline was to make it an instant, cash-like experience. Online wasn't even supported, generally, in the UK. Instead, you had an offline transaction counter that, once hit, forced the card to be inserted. You also had a per-transaction limit.

    This is a risk banks take to offer you a better experience, and you are never out the money for fraud as long as you take reasonable care, and report the card stolen as soon as you realise it (and you realise it in a reasonable time, etc). It doesn't matter if additional offline transactions happen, you aren't liable.

    Yes, contactless could have been made online-only, but it would have been a poor experience on dial-up terminals. The US launched contactless this was (mostly because the security measures to protect against cloned cards, even contactless, in the US have historically been much worse, so the banks needed to check if a card was cancelled). Visa is making this change now. Any mobile payment has always been online. Mastercard and Amex are increasingly pushing payments online, though not very small transactions yet.

    As for the limit, British banks agreed together on the (currently) 30 limit for contactless transactions with no CVM (Cardholder Verification Method). This provides consistency of marketing and sets consumer expectations. CVM on contactless has traditionally been difficult here: offline PIN isn't supported (do not confuse offline PIN with offline authorisation, they're unrelated - offline PIN is normal for all transactions in the UK and means the PIN is checked by the card) since contactless doesn't keep the card around after PIN entry to check the PIN was correct, online PIN is not widely supported in the UK, and signature is not considered acceptably secure to most UK banks. Mobile payments, however, introduce CVM to contactless in the UK for the first time by using CDCVM - Consumer Device Cardholder Verification Method. This allows the phone itself to verify you securely as the cardholder, using your fingerprint or phone PIN. Thus, there is no limit on these transactions generally (One bank has a 100 limit on Android, but their app is terrible, so it's no surprise to me they don't trust it above that).

    Other countries may have no limits at all, or different CVM standards. In the US, for example, the standard for ALL transactions - contact chip, contactless, and magstripe is either signature or no CVM depending on the amount. Contactless (EMV mode) is equally secure to contact (and far more secure (even in magstripe emulation mode) than magstripe, still widely used there), so there is no limit.

    Now, back to your original question - when all the banks were happily agreeing that contactless in the UK was always no CVM and 30 limit, terminals were hard programmed with the 30 limit. Today, that's generally been removed if a terminal supports CDCVM to allow >30 transactions. How the terminal behaves may vary, the terminal may still refuse to proceed if CDCVM isn't available, but it may not - it may just (and, by the standards probably should) simply submit the transaction online for authorisation (since it's over 30 it should never happen offline per the card, even amounts smaller than that usually won't anymore); and it depends how touchy your bank is whether it gets approved or not.

    The important thing to remember, is that this is a risk your BANK takes to keep you happy. Approved transactions = happy customers. You're never liable for fraud. They took on the risk if they approved it. Same with getting your PIN wrong. I saw a hilariously bad article in a major newspaper recently about the 'horrible flaw' that if you entered your PIN wrong three times, the card would revert to chip and signature and still work.

    It's. Not. A. Flaw. Offline PIN, to prevent offline cracking, has a three-attempt counter. If you use up the three attempts, it will move to the next CVM in the list, which is usually either signature or online PIN (which British terminals usually don't support, and will thus move on again, to signature).

    The authorisation message to the bank (since the first supported CVM failed, this has to go online) will note 'offline PIN failed, signature succeeded'. Signature is considered a much weaker CVM by most banks, and they make a risk management decision to approve or decline it. If it's for a purchase you regularly make, in your home area, many banks will approve it to keep you happy, assuming you just messed up your PIN - especially if the amount is small and they're not out much if they get it wrong. If you go and do the same thing for a diamond engagement ring, it will almost certainly be declined!

    /end of long message, but I hope it comforts you that these things aren't flaws, they're intentional risk management decisions and you aren't liable if the bank gets their guesses wrong. But they usually don't, and when they get them right, your transactions go through and you're on your way. Ultimately, that's the goal. They could implement truly secure multi-factor auth on every transaction, but people don't really want security. They'd all switch to cash. Which, you'll note, is far less secure than any of this - you have no protection against theft whatsoever.

    P.S. The reason the US can be so much more lax is that shops are charged far higher fees to take cards in the US than in the UK, so the banks can afford to get it wrong more often.

    P.P.S. RFID blocking wallets are a waste of money... modern EMV mode contactless is extremely secure against counterfeit card fraud. The idea of someone brushing up against you and copying your card is a complete work of fiction in EMV mode (and even in magstripe emulation mode, not that easy to do, and they wouldn't get a perfect copy, just the ability to pre-play a transaction)
    • flavione74
    • By flavione74 3rd Nov 17, 9:09 AM
    • 14 Posts
    • 4 Thanks
    flavione74
    I have a contactless transaction on my credit card for 36/32.42 but was sure that the limit is 30 in a single transaction. The vendor told me my payment declined and so I used another card so have been charged on both. Can contactless be used for over 30?
    Originally posted by adonis10
    From my experience in Italy and Poland, yes, the POS machine won't refuse the card when you use it contactless for amounts higher than e.g. 25 euros - you just need to type your PIN (or sometimes sign the receipt) to complete your transaction.
    • zerog
    • By zerog 4th Nov 17, 1:22 PM
    • 2,302 Posts
    • 782 Thanks
    zerog
    The contactless limit in Australia is $100, double the UK's and I don't see the amount of complaints that I see in the UK, neither do people seem to worry about it as much as they do in the UK.

    (I don't think I interact with a particularly different groups of people in Australia compared to the UK, and I think I consume the same sorts of media - though obviously it's all anecdotal anyway.)

    A$100 is a much more useful limit than 30 as you can use contactless for things like filling up a vehicle, a weekly supermarket shop or a restaurant meal for 2.
    • AllieKat
    • By AllieKat 4th Nov 17, 2:16 PM
    • 7 Posts
    • 4 Thanks
    AllieKat
    The contactless limit in Australia is $100, double the UK's and I don't see the amount of complaints that I see in the UK, neither do people seem to worry about it as much as they do in the UK.

    (I don't think I interact with a particularly different groups of people in Australia compared to the UK, and I think I consume the same sorts of media - though obviously it's all anecdotal anyway.)

    A$100 is a much more useful limit than 30 as you can use contactless for things like filling up a vehicle, a weekly supermarket shop or a restaurant meal for 2.
    Originally posted by zerog
    I expect the UK no CVM contactless limit will go up, and that forcing all contactless online is the precursor to this. My bet is on 50.

    Australia also has wide support for online PIN, I believe? That is, if you tap for over $100 does it decline, or does it just prompt for PIN? The latter requires online PIN support not configured on most UK terminals.
    • bobblebob
    • By bobblebob 9th Nov 17, 10:06 PM
    • 490 Posts
    • 78 Thanks
    bobblebob
    Have wondered for a while why dont they have fingerprint payment. Works the same way as contactless but yits authorised with your fingerprint. Then i read this

    Our fingerprints are quickly replacing PINs and passwords as our primary means of unlocking our phones, doors and safes. They're convenient, unique, and ultimately more secure than easily guessed or forged passwords and signatures. So it makes sense that fingerprint sensors are coming to protect our credit and debit cards. Mastercard is testing out new fingerprint sensor-enabled payment cards that, combined with the onboard chips, offer a new, convenient way to authorize your in-person transactions. Instead of signing a paper receipt or entering your PIN while struggling to cover up the number pad, you simply place your thumb on your card to prove your identity.

    The new cards are currently being tested in South Africa, and Mastercard hopes to roll them out to the rest of the world by the end of 2017. Even if that happens, though, you'll still have to wait for your bank or financial institution to get on board.
Welcome to our new Forum!

Our aim is to save you money quickly and easily. We hope you like it!

Forum Team Contact us

Live Stats

3,051Posts Today

7,324Users online

Martin's Twitter
  • Have a lovely weekend folks

  • Interesting, most people say they would champion a policy from a party they usually oppose. Yet is anyone brave eno? https://t.co/MWYGHunAqu

  • RT @MSE_Deals: The MSE deals team are in the office nice and early to bring you full analysis of all the #BlackFriday deals throughout the?

  • Follow Martin