FCA seeks feedback on scrapping £100 contactless limit

The tap-and-go limit without PIN or other strong customer authentication method is an exception in the payments legislation originating from the EU. It means that the payers payment service provider (read card issuer) is assuming the risk that the payment can be challenged arrears by the payer, claiming that it was not made by him/her or that the intentiuon was not to make the payment. If challenged, the card issuer needs to pay back the payment amount unless it can be proven that the cardholder understood and made the payment voluntarily.  The legislator is thereby proposing an increased  risk on the card issuer and should therefore make it free to the card issuer to select any tap-and-go upper limit per trx and per week.  If compulsory, the legislator should make the payer liable for all tap-and-go payments made with the card. If the cardholder is using applepay or samsungpay there is strong customer authentication on the payments and thus the legislation exception is not used for these mobile contactless payments and the upper limit exception thereby does not apply for these payments. 

I would agree that customer choice is key here....  Modern issuing systems all have APIs that support customer elected decisions, for example: on ATM use, Foreign Spend,  eCommerce, etc.... Therefore enabliing a contactless limit to be available for consumer choice in a digital wallet seems logical.  I agree 100% with the member above..... If a consumer elects to raise the limit above £100 for contactless  then that choice and its inherent risk should be the liability of the consumer in the event that the card is lost/stolen.  Notwithstanding the fact that all issuers should have Velocity and other fraud checks in place.  These are a backstop, they are no substitute for the consumer maintaining total control of the card and its RFID footprint.   

This proposal is wacky and the engagement paper is unbalanced and misleading, missing important data and providing other data that is very selective. You have to question its motives.

The reality is all contactless payments are unauthorized so increasing the limit increases unauthorized fraud. In parallel, the paper proposes to remove strong customer authentication, failing to recognize its significant impact in reducing unauthorized card fraud.

Additionally, it is well known that 'good' friction is desirable in higher value payments, especially for consumers, so why remove it? Why no discussion about this?

To summarize, the paper proposes two measures that will increase fraud and reduce consumer trust and safety while claiming to be beneficial to them in an unspecified way.

This looks like part of a concerted effort to lay the ground to justify digital id.  

missing data:

• the average contactless payment is £16 (£15 debit, £21 credit), not even close to the current £100 limit, so where is the pressure to raise the limit?
• when the limit was raised from £30 to £45 in April 2020, the average contactless payment value increased from £10 to £12 a year later; when raised from £45 to £100 in October 2021, the average value increased from £12 to £15 a year later, both indicating the volume of payments between the previous limit and the new limit to be low. If it was significant, why hasn't this data been presented?
• no discussion on the impact, consequence and consumer benefit of the previous increases - presumably it was minimal
• no mention of the 80% increase in contactless fraud losses in 2022 the year after the limit increased to £100
• no mention or analysis of the effectiveness of SCA in reducing card fraud

selective data:

• highlighting the 19% increase in contactless fraud in 2023 to £42m, failing to mention this was over a year after the limit increase, on top of the 80% fraud increase in 2022 i.e. the limit increase from £45 to £100 doubled contactless fraud over two years
• failing to compare the contactless fraud with the relevant domain of face-to-face fraud (internet/CNR fraud is irrelevant to contactless) of £91m in 2023 i.e. contactless fraud, that doubled in two years, accounts for 46% of all face-to-face card fraud
• instead, comparing contactless fraud with the overall unauthorized fraud of £709m to make it look small in comparison, but only £417m of this fraud was UK card fraud
• using the Future of Payments Review to justify the proposal, calling it 'independent', but it was commissioned by HMT, conducted by a person appointed by HMT and resulted in recommending HMT to lead UK payments strategy