Your browser isn't supported
It looks like you're using an old web browser. To get the most out of the site and to ensure guides display correctly, we suggest upgrading your browser now. Download the latest:

Welcome to the MSE Forums

We're home to a fantastic community of MoneySavers but anyone can post. Please exercise caution & report spam, illegal, offensive or libellous posts/messages: click "report" or email forumteam@.

Search
  • FIRST POST
    • harttss3
    • By harttss3 21st May 19, 10:14 AM
    • 15Posts
    • 4Thanks
    harttss3
    Contactless cards
    • #1
    • 21st May 19, 10:14 AM
    Contactless cards 21st May 19 at 10:14 AM
    I think it would be a great idea if banks would allow you to set an alarm cap on spending via contactless, say perhaps 3 contactless transactions in one hour trigger a need to enter a pin. This would be particularly useful if you lost or had your card stolen and didn't immediately know. £30 transactions can soon empty your account. My bank, Nationwide, have told me this is not something they would consider.
Page 3
    • Terry Towelling
    • By Terry Towelling 25th May 19, 1:21 PM
    • 1,614 Posts
    • 1,346 Thanks
    Terry Towelling
    I'm assuming that Chino is simply relaying the figures mentioned in the article quoted by the poster they were responding to at post #26 above:
    Originally posted by eskbanker
    Yes, but I was rather hoping that Chino would respond to aid my understanding of the depth of their knowledge of contactless fraud. In particular, is 2739 the number of people affected, the number of transactions or just the number of individual reports received by ActionFraud. That number doesn't tie up with other figures from ActionFraud, such as contactless fraud standing at £1.8 Million. Assuming no transaction exceeded £30, this gives rise to a number of fraudulent transactions in excess of 60,000.

    It might also be reasonable to assume that the value of fraudulent contactless transactions is likely to be nearer the £30 limit than the apparent average contactless transaction value of somewhere between £9-£10 (if the figures of 7.4 Billion contactless transactions with a total value of £69 Billion are accurate).

    That figure of 2739 has already led to one contributor assuming that it is the number of fraudulent transactions (which it can't be) and thereby calculating a fraud rate of 0.002% (which is a massive underestimate). For 3% of all fraud (by value - as provided in one of your posts) to be down to contactless is hugely significant given their generally low value.

    One can only hope the introduction of the zero-floor-limit will reduce this problem - although, as we all know, it will probably just move the fraud elsewhere - perhaps to an area where it is more difficult to contain.
    Last edited by Terry Towelling; 25-05-2019 at 3:47 PM. Reason: grammar
    • Ergates
    • By Ergates 25th May 19, 4:46 PM
    • 474 Posts
    • 669 Thanks
    Ergates
    That figure of 2739 has already led to one contributor assuming that it is the number of fraudulent transactions (which it can't be) and thereby calculating a fraud rate of 0.002% (which is a massive underestimate).
    Originally posted by Terry Towelling
    No, I calculated it based on £1.8 million / £69 billion.
    It is crystal clear from the quoted article that 2739 isn't the number of transactions, it's the number of reports.

    If you don't like the £1.8 million figure, lets use the 3% by value figure. Card fraud in the UK is estimated at £2 billion p.a.. 3% of that is £60 million. Which represents 0.08% of total contactless payments. Whichever figure is correct, it's still pretty low.

    For 3% of all fraud (by value - as provided in one of your posts) to be down to contactless is hugely significant given their generally low value.
    Originally posted by Terry Towelling
    Not really, no. In terms of "What type of fraud should I be worried about", then it's almost irrelevant.
    In terms of fraudster initiated payments, then some goon nicking your wallet (or finding a lost card) and running to the nearest off-licence to buy some booze or some amazon vouchers isn't your main concern. It's the more organised criminal who uses your card to make online purchases (which aren't limited to £30 a pop and which are also harder to disprove and hence claim back) who is your main threat..

    The real nasty types of fraud are the payer-manipulated-by-fraudster ones, because a lot of the time you're stuffed in terms of getting your money back.
    • eskbanker
    • By eskbanker 25th May 19, 4:50 PM
    • 10,640 Posts
    • 13,047 Thanks
    eskbanker
    Yes, but I was rather hoping that Chino would respond to aid my understanding of the depth of their knowledge of contactless fraud. In particular, is 2739 the number of people affected, the number of transactions or just the number of individual reports received by ActionFraud.
    Originally posted by Terry Towelling
    Chino's wording was simply a straight copy of what's stated by AF in that linked article, i.e. "2,739 reports of contactless card fraud, totalling almost £1.8 million". As you rightly observe, this can't be the number of transactions given the value, and my assumption would be that a contactless card being used fraudulently will typically be used for multiple transactions, hence the further comment that "Average losses investigated by detectives were between £90 and £652 but the largest single contactless card fraud case reached £400,000, stemming from multiple purchases".

    It might also be reasonable to assume that the value of fraudulent contactless transactions is likely to be nearer the £30 limit than the apparent average contactless transaction value of somewhere between £9-£10 (if the figures of 7.4 Billion contactless transactions with a total value of £69 Billion are accurate).
    Originally posted by Terry Towelling
    I'd agree that if you were going to embark on contactless fraud then doing so at or close to the £30 threshold makes more sense than the lower average figure.

    That figure of 2739 has already led to one contributor assuming that it is the number of fraudulent transactions (which it can't be) and thereby calculating a fraud rate of 0.002% (which is a massive underestimate). For 3% of all fraud (by value - as provided in one of your posts) to be down to contactless is hugely significant given their generally low value.
    Originally posted by Terry Towelling
    Hugely significant in what way?

    According to https://www.finder.com/uk/credit-card-statistics, contactless spend was about 10% of total card spend by value in January 2019 (versus about 40% by transaction volume), so if fraudulent contactless spend is only 3% of the total for all cards then that suggests that contactless is some way below the average fraud level, is that what you meant?

    One can only hope the introduction of the zero-floor-limit will reduce this problem - although, as we all know, it will probably just move the fraud elsewhere - perhaps to an area where it is more difficult to contain.
    Originally posted by Terry Towelling
    What problem?!
    • Terry Towelling
    • By Terry Towelling 25th May 19, 8:26 PM
    • 1,614 Posts
    • 1,346 Thanks
    Terry Towelling
    Apologies, Ergates (I wasn't 'having a go') I didn't check the maths in your post and made the false assumption that you'd used Chino's 2739 figure as a transaction number in your calculation. Yes, I know it is clear from the article that this is reports to ActionFraud and not transaction numbers - I was trying to gauge the other poster's position on the figures they were quoting because I gained the impression they thought that 2739 reports to ActionFraud was the total number of contactless fraud cases - which it isn't. Sadly, other posts now mean that poster has been saved the effort of responding.

    Anyway, card fraud in 2018 on UK issued cards stood at around £671m (I believe - sorry not sure where the £2 billion figure comes from). That's up by about 20% on 2017. Of that £671m I'm led to believe that £95.1m was on Lost & Stolen (L&S) cards (which includes contactless). Contactless fraud was £19.5m in 2018 meaning it was 20% of L&S. Consider also that L&S fraud has risen by about 66% in the past 4 or so years - probably alongside the rise in contactless transactions.

    Another measure of contactless fraud might be to compare it to the total amount of face-to-face fraud. In 2018 about £70m was lost in face-to-face fraud. Contactless losses were therefore 28% of all face-to-face fraud. Face-to-face losses have grown by 40% over the past 4 or so years - again probably in line with contactless transactions.

    Comparing contactless fraud to contactless transactions and getting a low percentage is more an indication that customers prefer to use contactless - but I do concede that some of the contactless safeguards do have a limiting effect on fraud volumes. If customers lost confidence in contactless as a payment method, the fraudsters wouldn't and the percentages would tell you that contactless fraud is quick, easy and a problem.

    In my view, the change in L&S and face-to-face frauds are the key stats because that's where most contactless fraud sits. You may view £19.5m as a drop in the ocean but it has been an increasing issue. We've already seen the implementation of a zero-floor-limit for contactless and from September this year I believe we will see consecutive contactless transactions limited to either 5 in number or a cumulative total of £130 - yet more signs that contactless fraud is being viewed as a serious and growing problem.
    • eskbanker
    • By eskbanker 25th May 19, 11:46 PM
    • 10,640 Posts
    • 13,047 Thanks
    eskbanker
    I'd suggest that, especially in the context of figures being challenged or disputed, it would probably be helpful to quote sources! It looks like Terry's numbers are from the UK Finance report at https://www.ukfinance.org.uk/system/files/Fraud%20The%20Facts%202019%20-%20FINAL%20ONLINE.pdf, which seems like a reasonable source to use....

    Another measure of contactless fraud might be to compare it to the total amount of face-to-face fraud. In 2018 about £70m was lost in face-to-face fraud. Contactless losses were therefore 28% of all face-to-face fraud. Face-to-face losses have grown by 40% over the past 4 or so years - again probably in line with contactless transactions.
    Originally posted by Terry Towelling
    There are obviously any number of ways of interpreting and spinning statistics but it seems pointless to me to be drawing speculative conclusions from trends that simply reflect the growing use of contactless technology, when the key issue at hand in this thread is the relative security of contactless versus non-contactless. I'd observe that the UK Finance report (p23) echoes my point, albeit mixing the value and volume analyses:
    Fraud using the contactless technology on payment cards and devices represents just 2.9 per cent of overall card fraud losses, while 36 per cent of all card transactions were contactless last year
    In my view, the change in L&S and face-to-face frauds are the key stats because that's where most contactless fraud sits. You may view £19.5m as a drop in the ocean but it has been an increasing issue. We've already seen the implementation of a zero-floor-limit for contactless and from September this year I believe we will see consecutive contactless transactions limited to either 5 in number or a cumulative total of £130 - yet more signs that contactless fraud is being viewed as a serious and growing problem.
    Originally posted by Terry Towelling
    Again that's interpretation rather than fact - these changes aren't a reactive response to a fraud issue but are simply a by-product of the UK implementing PSD2 as part of harmonising practices across Europe, as UK Finance makes clear:
    From September 2019, new rules (the EUís second Payment Services Directive (PSD2)) will require a PIN once a customerís total contactless payments exceed a cumulative value of roughly £130 (Ä150) or when five payments have been made.
    TL;DR - is contactless fraud increasing? Yes, because its use is becoming more widespread.
    Is fraud from contactless a more prevalent issue than from non-contactless? No, clearly not, based on the published statistics!
    • 18cc
    • By 18cc 26th May 19, 10:27 AM
    • 1,556 Posts
    • 1,131 Thanks
    18cc
    I have been following the discussions about about contactless fraud with interest thank you all for taking the time to post such detailed information.

    I think most people would agree that the chances of any fraud on your credit card is very low and the chances of contactless fraud even lower

    I would like to repeat what I said earlier in that the reason some people don't want contactless card is more emotional than actually based on hard fact and there's nothing wrong with that. I for one do not want to carry around lots of contactless cards even though I know the risk of them being used fraudulently is extremely low

    I would also point out another thread where Asda seems to be accepting contactless payments of £90 and above and if this becomes generally the case it will be even more worrying for those who are worried about contactless at £30 level
    • Terry Towelling
    • By Terry Towelling 26th May 19, 12:35 PM
    • 1,614 Posts
    • 1,346 Thanks
    Terry Towelling
    I'd suggest that, especially in the context of figures being challenged or disputed, it would probably be helpful to quote sources!

    Well, perhaps ,but my original intention had nothing to do with disputing statistics (regardless of whether they were right or wrong). It was actually an attempt to get another poster to validate their understanding of a statistic they had quoted. They still haven't done that and now they no longer have to!

    There are obviously any number of ways of interpreting and spinning statistics but it seems pointless to me to be drawing speculative conclusions from trends that simply reflect the growing use of contactless technology, when the key issue at hand in this thread is the relative security of contactless versus non-contactless. I'd observe that the UK Finance report (p23) echoes my point, albeit mixing the value and volume analyses:

    Clearly, increasing the availability of a payment channel that is fraud prone is going to increase the fraud passing through it. My view is that there is no point in viewing contactless fraud in terms of contactless usage; it is more appropriate to view it in terms of its proportion of fraud in the categories where it occurs - which is predominantly card-present and L&S situations - no 'spinning' is required. As a 'secure' payment method, there is probably little to choose between contactless and CHIP & PIN as long as the card is in the hands of the rightful cardholder - but it is almost completely insecure when in the hands of an unauthorised user (the zero-floor limit will have changed that a bit of late).

    Again that's interpretation rather than fact - these changes aren't a reactive response to a fraud issue but are simply a by-product of the UK implementing PSD2 as part of harmonising practices across Europe

    So, why was it felt necessary to harmonise practices in this way? Was it to help customers know what they could expect right across Europe, or was it to ensure that contactless fraud didn't move across borders within Europe to find the 'path of least resistance' to fraud?

    TL;DR - is contactless fraud increasing? Yes, because its use is becoming more widespread.
    Is fraud from contactless a more prevalent issue than from non-contactless? No, clearly not, based on the published statistics!

    It depends what you mean by 'use' - availability of the technology or customer take-up? Contactless fraud has increased because its availability as a fraud channel has increased - not because more customers are using contactless. The reason it is somewhat contained is down to the various transaction limits. Contactless fraud is very definitely more prevalent than non-contactless fraud in the environments where it can be perpetrated - i.e. face-to-face and L&S. It has increased, significantly, the volume of fraud passing through those environments and as a proportion of the fraud in those environments (over the past few years).
    Originally posted by eskbanker
    The interesting thing here for me is that I didn't think I had a strong view either way on the 'relative' safety of contactless as a transaction environment but having been challenged here (thank you) I now think I understand that I do have a view and why it exists.

    Before leaving the cards industry I was heavily involved in the establishment of rules and liabilities for the CHIP & PIN environment. Like many at the time, I saw this work as hugely significant for reducing counterfeit and L&S fraud - and, indeed, it worked well. For someone to come along years later and say, 'hey guys I've discovered contactless technology; what do you think' was the complete antithesis of what we'd all be trying to achieve - I guess I took it personally.

    So, the question, 'can we do contactless?' was answered with a 'yes' by all, but the question, 'should we do contactless?' was only put to the marketing department! Their answer was a resounding yes and possibly based on a view that it was absolutely essential to save a few seconds at the POS and that any fraud losses would be sufficient compensation for those seconds gained. (Yes, I am aware this is a facetious view).

    The safeguards put in to control fraud were then somewhat ignored and (as we have seen, varied from country to country) and customers found themselves inconvenienced when their lost cards were used to perpetrate pre-block card-present fraud in volumes far higher than should have been the case - in all probability a lost card (post CHIP & PIN and pre-contactless) might have seen no use whatsoever - certainly not in the face-to-face environment anyway. The business case for contactless was then eroded a little by the introduction of a zero-floor-limit that added back a few seconds to the process.

    So, you can indeed look at the overall use of contactless and take the view that contactless fraud is not very likely, and, if the card never leaves your sight and is never lost, you'd be spot on but, as soon as you lose it (or have it stolen) it could well be inevitable, especially if you don't keep regular tabs on where your cards are.

    As for me, I love contactless - if only I could get to the shops.
    • eskbanker
    • By eskbanker 27th May 19, 12:21 AM
    • 10,640 Posts
    • 13,047 Thanks
    eskbanker
    Clearly, increasing the availability of a payment channel that is fraud prone is going to increase the fraud passing through it.
    Originally posted by Terry Towelling
    The credibility of your assertions suffers when there is no attempt to conceal the inherent bias!

    My view is that there is no point in viewing contactless fraud in terms of contactless usage; it is more appropriate to view it in terms of its proportion of fraud in the categories where it occurs - which is predominantly card-present and L&S situations - no 'spinning' is required.
    Originally posted by Terry Towelling
    As you might expect, I disagree - there's no doubt that the modus operandi of card fraud will naturally vary between contactless and non-contactless, but that doesn't legitimise carving up the stats like that to construct that line of argument! I'd reiterate the UK Finance view on this, in the context of face-to-face:
    Fraud using the contactless technology on payment cards and devices remains low, with £19.5 million of losses during 2018, compared to spending of £69 billion over the same period.

    This is equivalent to 2.7p in every £100 spent using contactless technology, the same level recorded in 2016 and 2017.
    As a 'secure' payment method, there is probably little to choose between contactless and CHIP & PIN as long as the card is in the hands of the rightful cardholder - but it is almost completely insecure when in the hands of an unauthorised user (the zero-floor limit will have changed that a bit of late).
    Originally posted by Terry Towelling
    I do accept that someone finding (or stealing) a contactless card has the opportunity to use it fraudulently with less security checks than C&P, but this was more about actual occurrences of such fraud rather than what's theoretically possible.

    So, why was it felt necessary to harmonise practices in this way? Was it to help customers know what they could expect right across Europe, or was it to ensure that contactless fraud didn't move across borders within Europe to find the 'path of least resistance' to fraud?
    Originally posted by Terry Towelling
    The contactless measures are a relatively peripheral aspect of PSD2 - I don't claim to know the full story behind its rationale but know enough about it to understand that it's not a set of regulations primarily about contactless security!

    It depends what you mean by 'use' - availability of the technology or customer take-up?
    Originally posted by Terry Towelling
    I didn't really think that use was an amibguous concept, but let's just go with transaction volumes.

    Contactless fraud has increased because its availability as a fraud channel has increased - not because more customers are using contactless.

    [...]

    Contactless fraud is very definitely more prevalent than non-contactless fraud in the environments where it can be perpetrated - i.e. face-to-face and L&S. It has increased, significantly, the volume of fraud passing through those environments and as a proportion of the fraud in those environments (over the past few years).
    Originally posted by Terry Towelling
    What support do you cite for all these opinions?
    Last edited by eskbanker; 27-05-2019 at 9:03 AM.
    • Terry Towelling
    • By Terry Towelling 27th May 19, 5:22 PM
    • 1,614 Posts
    • 1,346 Thanks
    Terry Towelling
    Clearly, increasing the availability of a payment channel that is fraud prone is going to increase the fraud passing through it.
    The credibility of your assertions suffers when there is no attempt to conceal the inherent bias!

    Perhaps my English was clumsy and I should have said 'provides an easy opportunity for fraud' rather than 'fraud prone'. To clarify, my meaning of 'fraud prone' in this thread was indeed about the ease of opportunity for fraud to take place - I can see how the word 'prone' could mislead.

    My view is that there is no point in viewing contactless fraud in terms of contactless usage; it is more appropriate to view it in terms of its proportion of fraud in the categories where it occurs - which is predominantly card-present and L&S situations - no 'spinning' is required.
    As you might expect, I disagree - there's no doubt that the modus operandi of card fraud will naturally vary between contactless and non-contactless, but that doesn't legitimise carving up the stats like that to construct that line of argument!

    Contactless fraud is a face-to-face fraud (where else would it sit?) In 2018 there were £70m of face-to-face losses - £19.5m of contactless (which must sit in that £70m) represents 28%. That's not 'carving' or 'spinning'. Face-to-face fraud is up 40% in 5 years. Arguably (and I know you will) contactless fraud is mostly done on L&S cards. In 2018 L&S fraud stood at £95.1m - up 66% in 5 years. If all contactless fraud were L&S (yes, arguable) contactless represents 24% of it. 'Carving', no not really; 'spinning' perhaps a little. Could the 5 year trends be down to contactless? I believe that is entirely possible - you may disagree, I don't mind.If you want to look at fraud as a percentage of total transactions you will always find a way to say it is low - the question of whether it is acceptable to create an environment where it can easily take place is more subjective. To truly understand the impact a payment channel is having on fraud is to look at the environment where that payment channel sits. Contactless sits in the face-to-face environment and is largely (my opinion) down to crooks using lost and stolen cards, so it makes sense to examine trends within those fraud environments when gauging its impact.


    As a 'secure' payment method, there is probably little to choose between contactless and CHIP & PIN as long as the card is in the hands of the rightful cardholder - but it is almost completely insecure when in the hands of an unauthorised user (the zero-floor limit will have changed that a bit of late).
    I do accept that someone finding (or stealing) a contactless card has the opportunity to use it fraudulently with less security checks than C&P, but this was more about actual occurrences of such fraud rather than what's theoretically possible.

    That's very magnanimous of you to accept that someone finding or stealing a contactless card has the opportunity to use it fraudulently with less security checks than C&P but that seems to ignore the fact that said crook can't use it at all with C&P unless they have stolen/come by the PIN too.L&S fraud isn't solely comprised of face-to-face transactions and face-to-face fraud isn't solely comprised of L&S fraud, so drawing conclusions from any analysis (at the level possible with the UK Finance figures) is difficult but it is hard to see why each category should have increased quite so much over the past five years when the only thing that has really changed is the use of contactless as a payment channel. Are customers losing their cards and PINs more these days? Are fraudsters committing more card-not-present fraud with L&S cards? Are there more fraudulent card applications these days? Is the postal service less reliable allowing morecards/PINsto be intercepted? I may (or may not, if time prohibits) go back through the UK Finance fraud categories to see if these other environments might explain the increase.

    It depends what you mean by 'use' - availability of the technology or customer take-up?
    I didn't really think that use was an ambIguous concept, but let's just go with transaction volumes.

    So fraud increases within a payment channel because that payment channel is seeing more genuine use? To a degree, maybe. Fraud usually increases in a payment channel if it is easy and attractive to commit fraud that way, not because more people use it genuinely. The greater the genuine take-up of a payment channel the easier it becomes to pass off the fraud as insignificant because its percentage reduces.

    Yes you can argue that £19.5m is not that great (and that's fine) but it is possible to argue that that £19.5m fraud would not have happened at all without the contactless payment channel. We all have to pay for these losses in the end because the banks aren't going to willingly jeopardise their profits.

    The Zero-floor-limit and PSD2 will further contain contactless fraud losses for card issuers in the UK; that's good. Retailers/Acquirers who flout the transaction limit/Floor limit and Issuers who routinely approve over-limit transactions may cause problems and these may lead to Chargebacks that are absorbed by retailers and not recorded as fraud - which is probably already happening.
    Last edited by Terry Towelling; 28-05-2019 at 3:42 PM.
    • eskbanker
    • By eskbanker 27th May 19, 6:21 PM
    • 10,640 Posts
    • 13,047 Thanks
    eskbanker
    Not sure there's much mileage in continuing this (especially given the declining legibility of the formatting!) - the facts are what they are and I think we'll need to agree to disagree about how they're interpreted....

    A couple of final passing observations on the UK Finance data though - there have also been substantial increases in other fraud channels such as CNP in recent years, and at least some of the contactless stats refer to cards and devices, I'm not sure what the split of the latter is and really can't be bothered to research it!
    • TheShape
    • By TheShape 27th May 19, 6:22 PM
    • 1,491 Posts
    • 1,354 Thanks
    TheShape
    I've read most of the thread but can't be going back to read it again to check if anything below has been considered.

    A benefit I feel of the move to greater acceptance of card and contactless payments is the reduction in the number of times I use cash machines and the reduced number of time I need to input my PIN into a payment terminal. I don't want to lose my card and have someone make a number of contactless transactions but I'd rather that than have my PIN recorded at a cash machine and my card skimmed/retained by a device or have my PIN overseen in a shop and then my wallet stolen.

    I think it might be useful to consider whether contactless (although open to fraud) has in anyway reduced opportunities for other types of card fraud to occur.
    • Terry Towelling
    • By Terry Towelling 27th May 19, 8:02 PM
    • 1,614 Posts
    • 1,346 Thanks
    Terry Towelling
    I think it might be useful to consider whether contactless (although open to fraud) has in anyway reduced opportunities for other types of card fraud to occur.
    Originally posted by TheShape
    It's an interesting viewpoint that card-fraud staff will have discussed at length. One view was that fraud is a balloon; you can squeeze it in one area but it just pops out in another. The question was, 'how hard do you want to squeeze an area where you can tolerate and contain the losses?' Squeeze too hard and it might just migrate to an area that is harder to contain and you lose control.

    So maybe allowing a degree of losses through something like 'contactless' will stop something worse happening elsewhere.
Welcome to our new Forum!

Our aim is to save you money quickly and easily. We hope you like it!

Forum Team Contact us

Live Stats

411Posts Today

4,871Users online

Martin's Twitter
  • Delighted people are pushing @BorisJohnson on getting proper financial ed in schools. He says not enough resourc? https://t.co/c8Eb6BAwgU

  • RT @MartinSLewis: I sued Facebook for defamation over scam ads & settled in return for 2 things that LAUNCH TODAY -1on1 scam help at new C?

  • Bizzare German twitter mash article has called me "MARTIN LEWIS, der Geldsparexperte," Any german speakers out the? https://t.co/1tXEzCe4Y3

  • Follow Martin