UK government sets guidelines to combat contactless m-payments fraud

The UK government has laid down guidelines designed to tackle fraud associated with mobile phone-based contactless payments.

Contactless m-payments - where users can make low value purchases by tapping their handsets against specially equipped terminals - are being trialled by several phone companies and banks.

The Home Office says it has been working with the industry to make sure tough security measures are in place to prevent phone thieves or cloners from being able to take advantage of the new technology.

The government department has now issued guidelines, asking firms to make sure bank details, phones and SIMs are disabled as soon as possible once phones are reported lost or stolen.

In addition, verification, such as a PIN, will be required for any transactions above the maximum contactless payment value (currently £10) and if more than a certain number of smaller charges are carried out in a row.

The Home Office also wants to encourage those who sign up for a contactless payment handset to add their details to the National Mobile Phone Register (NMPR), making it easier for stolen phones to be identified and recovered. NMPR is linked to voluntary databases designed to make it easier for police to identify and recover stolen phones. Approximately 22 million phones are currently registered on it.

Alan Campbell, minister, Home Office, says: "This technology is an exciting new development but we must continue to work together to reduce any new opportunities for criminals to profit from mobile theft. As new technologies like this develop we aim to consider where safeguards can be incorporated at the drawing board stage."

Barclaycard, currently trialling the technology with wireless operator Orange, has welcomed the guidelines.

Dan Salmons, director, payment innovations, Barclaycard says: "Contactless is the future of payments and with plans for payments to be possible via mobile phone in 2010 the guidelines announced by the Home Office will ensure that security and consumer confidence in mobile payments is further improved."

Comments: (5)

A Finextra member 29 August, 2009, 14:57

I'm sure they will be just as effective as any other guidelines have been, but I'm at a loss to remember an example.

A Finextra member 31 August, 2009, 04:29

I am with Dean on this. Why on earth would it take Government regulation to ensure basic PIN/password/security measures be employed? Barclaycard should be embarrassed that they are being told to do what ought to be basic product design. The whole card approach which is based on just meeting minimum standards was ridiculous 5 years ago, and is now inexcusable.

A Finextra member 31 August, 2009, 06:58

The reason why the UK Govt is making this noise now is so that they can be seen to be doing *something* on the run-up to the 2012 Olympics, where m-payments, combined with e-tickets etc is their current recurring vision.

I also agree that these are all basic measures, which should reasonably be expected to be implemented prior to large scale adoption - that is, unless there is some indemnity given by Barclaycard et al, who are willing to accept liability for any losses. Don't hold your breath.

Andrew Churchill - MIDAS Alliance - London 31 August, 2009, 14:24

Why only worry about contactless m-payment fraud, not card based? And Jon, why have m-payments and e-ticketing for 2012 (transport ticketing consultation was out last week)? Surely m-payments, with m-ticketing (as the Barclaycard/Oyster/O2 pilot), so then why not take advantage of the mobile (a computer) as an integral part of the security process? Some of the current pilots do seem rather unimaginative!

A Finextra member 30 September, 2009, 12:49

Moves by UK government to lay down guidelines designed to tackle fraud associated with mobile phone-based contactless payments and to increase public confidence are welcome if issuers and acquirers are to make the most of this new channel and grow payment volumes.

Whilst government guidelines are one way to ensure that adequate security measures are in place, they must also be combined with an industry commitment to best practice security. To date, the industry has been careful to add security on both the contactless devices and in the processing network, including a unique built-in secret key on the card which generates a unique CVV. It's also interesting to note that the processing of contactless payments does not require the use of the cardholder's name and some cards do not even include the cardholder's account number. Furthermore, contactless transactions can only be processed once which prevents incidents of "repeat attacks" from occurring, which can affect other types of transactions.

Clearly, the security of any new transaction channel must be a priority if it is to enjoy widespread success, so it is good to see that both the payments industry and the Government have contactless security firmly on the agenda. But other challenges associated with mobile contactless, such as preparing the payments infrastructure for increased transaction volumes where on-line transactions are the norm, require just as much attention if contactless payments are to be the success that everyone in the payments industry hopes they will be.
