Lloyds gives users control over contactless limits amid fraud fears

This is a nice additional capability for consumers (anecdotally, the move to a £100 limit seems to raise eyebrows). Customer experience is very often about getting the details right. Good work, Lloyds.

Hi,

This is very useful initiative and if possible we would like to know how it is implemented.  We use Coonex switch and HOGAN as back-end processing system.. The contactless limit is stored in the card chip - so how the mobile app allows cutomer to select what the customer prefers?  

A good response on an irresponsible move by the authorities´ limit hike that risks to make cards more attractive to pick-pockets and other thieves. Why not a 200 GBP limit or 500? And why did the PSD2 require strong customer authentication at all? Answer: To protect cardholders from fraud hazzle and make it more difficult for criminals to steal monies in the payment system. 

From a macroeconomic pov, a ceiling of GBP 100 in a $39K per capita economy does not sound too high compared to GBP 50 / $2K but, nonetheless, kudos to Lloyds for empowering customers to take their own decision by setting their own ceiling.

To respond to Vivek’s question, the vast majority of contactless txns in the UK are online, so assume the limit is checked when the txn comes to the issuer for authorisation, & the mobile app controls the individual customer authorisation limit for a contactless txn. there will also be a chip contactless limit, & assume this will remain unchanged & not be customer configurable - but this will only come into play where the issuer is unavailable.

"vast majority of contactless txns in the UK are online".

Keen to know what contactless means in the context of online credit card payments? AFAIK, online credit card payments involve no contact, whether they're made with a plastic credit card having or not having contactless / NFC tech or not. So, the contactless / tap-and-go ceiling meant for brick-and-mortar payments is not applicable to online payments. Also, AFAIK, online credit card payments have no ceiling as long as they don't end up busting of the credit cardholder's credit limit.

Apologies, my terminology was unclear - by online I mean the transaction comes to the issuer host system for authorisation, as opposed to offline where the card itself (as well as any terminal / scheme limits) determine whether the transaction is authorised. This is independent of whether the txn was face to face (chip + PIN or contactless) or remote ((CNP etc).

In my view online transaction limit is not 'contactless limit'.  It is no doubt a welcome measure if it means customer choice to modify online purchase limit but contactless limit ias I see is when a card / mobile phone is used at a physical POS device and the limit up to which no PIN is required.  Only the folks who implemented this initiative can clarify what it is & how it was implemented with the limit being on the chip.  It will greatly help other banks as fraud is not limited to a bank but the whole banking comminity should fight it by exchanging ideas.  Thank you for sharing your thoughts.

It's a backend card control which the customer controls through their mobile app.  If a transaction is made which is below £100, it will be accepted by the terminal and will go through to the backend to be authorised and if the transaction is above the limit set by the customer, the transaction is declined.  It's not an online transaction limit, it is specific to the contactless CVM.

I assume the limit you are referring to is the Offline Transaction Limit in the chip.  This is still there but is being overriden by the terminal which has an Offline Transaction Limit of zero and is going online for authorisation.  The card limit only comes into play when the terminal cannot go online (such as in certain transportation scenarios).

@Vivek I do understand what you are saying of course but it is very complex to send scripts to cards and to ensure scripts have been delivered and actioned.  Much easier to put the card control on the backend, decline the transaction and send the cardholder an immediate push notification as to why that happened.  It is common to the way that all consumer card controls are being implemented.

Thank you Peter for the response, we will take some inspiration now as this is quite useful to do - whatever we can.