Fraud Rising as Contactless Payment Limits Increase
A brief history of brick-and-mortar shopping would reveal a trend of less and less contact between the customer and the cashier over time. First there was cash, then came payment cards, and now contactless payments through digital wallets are becoming increasingly common. While you’re probably still doing most of your in-person shopping with a credit or debit card, a future where contactless payment is the norm is getting closer every day. Recently, twenty-nine countries in Europe and Asia changed their regulations to allow for higher contactless payment limits. Is this good news for tech-savvy merchants, or are there potential drawbacks to watch out for?
The timing couldn’t be more ripe for an expansion of contactless payment schemes. As the COVID-19 pandemic has everybody practicing extreme caution when it comes to going out shopping, touching objects that other people have touched, and minimizing their handling of easily contaminable items like cash and cards, contactless payments help to reduce potential exposure when you have to go out and buy necessities.
Of course, contactless payments have already been well on their way to wider adoption, and it’s likely that many consumers who are just now trying contactless payments for the first time because of concerns about the Coronavirus will continue to appreciate and utilize convenient contactless payment systems long after the pandemic is over. This public health crisis will lead to many long-lasting changes in the way we live, and contactless payments going mainstream could be one of them.
Because of the relative newness of contactless payments, however, the fraud that derives from it—and the remedies for that fraud—are likewise in their early stages of development. When more consumers embrace contactless payments and the amount of money flowing through these systems goes up, the fraudsters soon follow.
Where are the Limits Changing?
Before we get into contactless payment fraud, let’s back up and review the changes that are set to take place.
The industry players have been aggressive in getting European consumers to accept and utilize contactless payments. Mastercard in particular has pushed several initiatives over the past few years, such as requiring the use of contactless-enabled payment terminals, to the point where now as many as three quarters of all Mastercard transactions in Europe are contactless. This has been touted as a win for merchants and consumers, leading to faster transactions and less reliance on inconveniences like cash and personal identification numbers.
Some of the countries raising their limits are doing so permanently, others on a temporary basis to alleviate some of the challenges and hazards of shopping during a pandemic.
Countries that use the Euro are making the following limit increases:
- €15 to €40
- €20 to €50
- Cyprus, Portugal, Spain
- €25 to €50
- Estonia, Germany, Greece, Latvia, Lithuania, Luxembourg, Malta, Netherlands
- €30 to €50
These countries that are not on the Euro are also raising their limits:
- Albania: 2,000 to 4,500 lek
- Armenia: 12,100 to 20,000 dram
- Belarus: 20 to 100 rubles
- Bulgaria: 50 to 100 lev
- Croatia: 100 to 350 kuna
- Georgia: 45 to 100 lari
- Hungary: 5,000 to 15,000 forint
- Kazakhstan: 5,000 to 20,000 tenge
- Kyrgyzstan: 1.525 to 2,500 som
- North Macedonia: 750 to 2,000 denar
- Poland: 50 to 100 zloty
- Sweden: 200 to 400 krona
- Tajikistan: 140 to 200 somoni
- Turkey: 120 to 250 lira
- United Kingdom: £30 to £45
- Uzbekistan: 52,500 to 250,000 s‘om
What about Contactless Payments and Fraud?
With these limit increases, fraudsters operating in the above countries can now more than double their profit from a single transaction. The more attempts a fraudster makes to make a transaction with stolen credentials, the more changes they have to tip off the cardholder, get caught, or encounter some sort of technical glitch that renders the card useless. When limits go up, each transaction becomes potentially much more valuable, making it more worth the fraudster’s time to go after these contactless payment devices.
The good news, up to this point, has been that contactless payment is relatively safe from fraud, compared to regular payment cards. Contactless card fraud occurs at less than half the rate of overall card fraud. However, this doesn’t mean contactless payment is inherently more secure, and these limit increases mean that fraudsters will be trying harder than before to test their defenses and seek out vulnerabilities.
So far, most contactless payment fraud has been carried out through unsophisticated means: namely, by stealing the credentials or devices directly and using them to make purchases. Fears about contactless card “skimmers” that steal data or money wirelessly just by being brought into proximity with a contactless device have largely proven unfounded. Contactless payment schemes cannot be cloned the way magnetic stripe cards can, and there are many technological and regulatory barriers that would make it nearly impossible to initiate and process a transaction without the device owner’s cooperation.
It is likely, though, that contactless payment card fraud will become more sophisticated and effective in the years to come, even if it does not take shape in the forms we might expect based on the paradigms established in the era of physical payment cards. Fraud will increase after every major expansion of contactless payments; merchants should be aware of this not to avoid contactless payments, but to proactively seek out the fraud and chargeback mitigation tools that will help them weather these changes.
Global events have increased the demand for contactless payment solutions right now, and this will probably accelerate the normalizing of contactless payment options into the future. Whether it’s with a phone, a watch, a key fob, or some other device, making payments by waving an object in the general vicinity of a checkout terminal is where we’re all headed.
Contactless payments may be more secure than plastic cards, but fraud never really goes away—it just changes its form to seep into the cracks that existing security protections can’t seal. Adopt the contactless payments schemes that make sense for your business, but be forward-thinking about anticipating and proactively defending against the ways they might be misused or exploited.