Community

If a receiving bank cannot be held responsible to a third party victim of fraud, by the same logic nor can a social media company when their platform is used to initiate frauds.

Banks still need to do more to prevent fraudsters from operating bank accounts. The APP reimbursement rules, which came into effect after this fraud, go some way to encourage banks to do more (by making the fraudster's bank 50% liable for fraud up to £85k).

This proposal is wacky and the engagement paper is unbalanced and misleading, missing important data and providing other data that is very selective. You have to question its motives.

The reality is all contactless payments are unauthorized so increasing the limit increases unauthorized fraud. In parallel, the paper proposes to remove strong customer authentication, failing to recognize its significant impact in reducing unauthorized card fraud.

Additionally, it is well known that 'good' friction is desirable in higher value payments, especially for consumers, so why remove it? Why no discussion about this?

To summarize, the paper proposes two measures that will increase fraud and reduce consumer trust and safety while claiming to be beneficial to them in an unspecified way.

This looks like part of a concerted effort to lay the ground to justify digital id.  

missing data:

• the average contactless payment is £16 (£15 debit, £21 credit), not even close to the current £100 limit, so where is the pressure to raise the limit?
• when the limit was raised from £30 to £45 in April 2020, the average contactless payment value increased from £10 to £12 a year later; when raised from £45 to £100 in October 2021, the average value increased from £12 to £15 a year later, both indicating the volume of payments between the previous limit and the new limit to be low. If it was significant, why hasn't this data been presented?
• no discussion on the impact, consequence and consumer benefit of the previous increases - presumably it was minimal
• no mention of the 80% increase in contactless fraud losses in 2022 the year after the limit increased to £100
• no mention or analysis of the effectiveness of SCA in reducing card fraud

selective data:

• highlighting the 19% increase in contactless fraud in 2023 to £42m, failing to mention this was over a year after the limit increase, on top of the 80% fraud increase in 2022 i.e. the limit increase from £45 to £100 doubled contactless fraud over two years
• failing to compare the contactless fraud with the relevant domain of face-to-face fraud (internet/CNR fraud is irrelevant to contactless) of £91m in 2023 i.e. contactless fraud, that doubled in two years, accounts for 46% of all face-to-face card fraud
• instead, comparing contactless fraud with the overall unauthorized fraud of £709m to make it look small in comparison, but only £417m of this fraud was UK card fraud
• using the Future of Payments Review to justify the proposal, calling it 'independent', but it was commissioned by HMT, conducted by a person appointed by HMT and resulted in recommending HMT to lead UK payments strategy 

   

On the face of it, this looks like a good move - regulatory simplification is always welcome.

However, the original purpose of the PSR to loosen the grip of the bank oligopoly on the UK payment systems to free up space for new entrants and innovation has not been achieved. The problem still exists, with the oligopoly intact and under no pressure to innovate while reaping the substantial fees it collects on cards.

A cynic might say the PSR has achieved the government's objectives and is no longer needed. It has suppressed innovation on Faster Payments by allowing the sale of the core system to a card network (unbelievable) and by combining the operator into Pay.UK with legacy systems like Bacs to hold it back. Meanwhile tying the NPA in knots for six years until cancelled last year, allowing Paym to wither away and dragging its feet on open banking VRPs making life difficult, if not precarious for financially-stretched new entrants as well as slowing down the growth of open banking payments. Thus, contributing to the groundwork to introduce a surveillance system of CBDC with digital id unthreatened by mass use of better, innovative alternatives.

Card interchange fees are anti-competitive by incentivising high costs, inhibit innovation by providing little incentive for issuers to innovate with new payment methods and harm end-users who over-pay for goods and services and without their knowledge.

Although I am the last person to encourage regulation, given these points, the PSR is perfectly within its right to cap interchange fees, epecially since its objectives are to enable competition, innovation and end-user benefits.

The issue with interchange is the payers who ultimately pay it, consumers, have no choice in the matter and no knowledge of it. Interchange is set by card networks, disbursed to card issuers (who naturally choose the card network with the highest interchange), paid by acquirers who have no choice but to pay it, who collect it from merchants (the same, regardless of which acquirer they choose) who include it in the price of their goods and services paid by consumers.

Instead of caps, an alternative remedy would be to require merchants to separate the acquiring fee they pay on each sale from the sales price, charge it separately and display it on POS receipts and online checkouts. 

Thus, consumers would see the cost of the payment method they use and pay for it. As well as being fairer, through eliminating the subsidy of consumers with high cost credit and charge cards (gold, platinum etc) by those using low cost debit cards, this would encourage competition between different types of card and between different payment methods. In turn, this would lead to innovation with improved and new payment methods, benefiting consumers and society as a whole.

mmm - this report looks very odd:

"Regulators such as the FCA and PSR should push forward innovation and competition in the sector" - how can they? It's like asking a football or rugby referee to make games more competitive or the players more creative.

"Promote further financial inclusion by diversifying payments services" - with a population of 68m, over 100m current accounts and 162m debit cards and credit cards in circulation, financial inclusion is hardly a problem in the UK.

"We certainly don’t want to see the UK fall behind in the realm of payments" - the UK fell behind about 10 years ago, look to China, Thailand, India and Brazil among others to see who are the leaders and how far ahead they are.

If this report reflects the UK payments industry, it has very sadly lost its way.

The request for a combined processor of pay-by-bank and cards is a growing trend, with some interesting dynamics.

Will open banking PISP aggregators partner with card acquirers, will they build/buy their own card capabilities or will there be mergers between the two? Often acquirers offer pay-by-bank services, but it is a side show compared to their card volumes and it is also a risk that may cannabalise higher margin card volumes - cards and pay-by-bank are uneasy bedfellows, no doubt AIS data insights will be used to differentiate deals.

Tokenized assets present a huge risk of fraudulent fractional ownership. It is very difficult without complex and persistent auditing to enforce a 1:1 relationship between a real world asset and the digital assets that tokenise it.

An example is the London precious metals market where the paper contracts sold are believed to have combined claims vastly exceeding the metal available. It works until too many paper holders request delivery. This is an old world problem that will continue through to new world tokenization.

This is a typical example of government overreach - the Dutch government has no evidence for its concerns as BNPL is not available in physcial stores. Citing "vulnerable groups" is a classic catch-all used to justify anything. If it was genuinely concerned it would wait to review the usage after 12 months and take any action as necessary if issues become apparent.

It suggest the government has other motives - for example, it may want to avoid a new innovative and popular solution competing with the digital euro which the bureaucrats are pushing.

This is a sensible move. Both payment initiation services and account information services in open banking need their own set of operating and participation rules.

A separate scheme/operator for each may be the best solution. 

I believe that "drawing on US experience" means allowing individual retailers to set their own contactless limits, which is fair. 

I hope so - then retailers can set limits to their own risk appetite based on their own experience, rather than being forced to accept high value unauthorised, potentially fraudulent card payments.

Otherwise, raising the contactless card limit further will increase contactless fraud. It jumped 80% (according to UK Finance's 2024 fraud report) in 2022 after the limit was rasied from £45 to £100 in late 2021 and rose a further 19% in 2023.

UK Finance plays down the significance of contactless fraud - although one third of all lost & stolen card spend (i.e. fraud ) was contactless in 2023, it was relatively low in total at £41.5 million, with the contactless fraud-to-turnover ratio below that for unauthorised card fraud overall.

Any changes the FCA makes to contactless limits must keep a lid on fraud.