Contactless payments have become a major success for the payments industry. Over the last couple of years contactless has been almost universally welcomed and embraced by UK consumers, and (perhaps more grudgingly in some cases) by merchants. Even the “strictly
cash only” market stall where I buy my weekly fruit and veg got a SumUp contactless reader a couple of months ago - and my final reason for carrying cash disappeared.
While well documented pandemic driven hygiene concerns provided a compelling trigger to ditch cash, the more fundamental reason for the success of contactless is its sheer simplicity. Consumers get it - tap your card to pay for anything up to £45.
We may be about to see the clarity of the contactless proposition – and consumer trust in it, undermined.
As of today, Friday 15th October 2021, the UK contactless payments regulatory limit rises to £100 per transaction and the cap on the cumulative amount that can be spent before entering a PIN, if using a card goes from £130 to £300. In our opinion that is
a good thing. It brings most common payment transactions, including weekly grocery shops, rail tickets and fuel payments within the contactless limit, and that will surely benefit consumers.
Simplicity replaced with confusion?
However, the increase is a regulatory maximum and banks, and merchants are free to set their own limits up to these amounts. This risks confusing consumers who may find that maximum contactless transaction values vary between merchants. Customers will be
uncertain as to what they can spend where and when they will have to enter a PIN. Retail industry reluctance to accept the change and heel dragging over implementation will likely exacerbate this. Press
headlines that the rise will expose consumers to higher levels of fraud may also undermine the public’s trust in contactless.
From an industry perspective, the manner of its introduction has failed to take full account of some of the technical and logistical implications, notably around upgrading terminals and the fact that some issuers use different response codes to indicate
when a limit is breached, and a PIN is required. There are also complexities as to how the rules on cumulative limits actually apply when consumers have more than one card associated with an account and/or use their card within a mobile wallet such as Apple
Pay. A PIN is required when cumulative the spending on the card reaches the limit, rather than the account. Application of authentication, for example use of a fingerprint or facial recognition, when a mobile wallet is used to make the payment resets the cumulative
count for the mobile wallet only and not the card, as the limits are per device and separate. While it is not realistic to expect consumers to appreciate this subtlety, it is not understood by some merchants either.
A political rather than industry driven change
It’s important to understand that this rise was not initiated or motivated by the payments or retail industries. The previous, more modest, industry driven transaction limit increase in 2020, from £30 to £45 was driven by public health concerns and widely
supported and communicated. The subsequent change to £100 was conceived as a political statement by the UK Government to demonstrate its ability to break free of EU regulation post Brexit and deliver some kind of quick “Brexit dividend”. The limits were originally
set at €50 (individual transaction limit) and €150 (cumulative limit) by the European Banking Authority (EBA) as part of the PSD2 SCA Regulatory Technical Standards (RTS).
The case for £100 is compelling
That being said, the case in favour was well put by the UK Financial Conduct Authority (FCA) in its
policy statement on the proposed changes published in March 2021 to coincide with UK Chancellor Rishi Sunak’s budget announcement on the change. The FCA argued the point that the rise brings most common transactions within the limit. It also strongly, and
correctly, countered the concerns over increased fraud risk. Contactless fraud in UK is negligible at 0.02% of the amount spent and did not rise with the 2020 increase in the single transaction limit from £30 to £45.
Furthermore, countries that have already increased their limits to an equivalent value of more than £100, notably Singapore, Australia and Canada have not experienced any material increase in contactless fraud as a result. The FCA has also placed a clear
requirement on card issuers to monitor transactions, detect and stop potentially fraudulent transactions. Over 99% of contactless transactions are authorised “on-line” and subject to issuer fraud profiling before they are approved. Furthermore, the main concerns
that consumers have, and the press sometimes quotes concerning the vulnerability of contactless cards to fraud are based on
mis-information and in the worst case, banks take liability for any losses. Consumers are therefore protected and compensated should money be stolen.
The payments industry falls in line with a nod to consumer control
The payments and banking industry coordinated through UK Finance has broadly fallen in behind the regulation and all UK issuers are raising the maximum single transaction limit on their cards. The cumulative limit will not necessarily be raised to the maximum
allowable £300. This value is set by issuers based on their risk policies. We also understand that the majority of merchant acquirer owned payment terminals have been updated to support the change.
One of the measures being taken by some issuers to reassure fearful consumers is allowing them to set their own maximum limits.
Recent research undertaken on behalf of KIS Finance indicates that nearly three quarters of UK consumers want the option to do this, primarily to help them control spending or because they are concerned about theft. Banks offering the option include Lloyds,
Halifax, Bank of Scotland and Starling. But these measures to support consumer choice are fragmented and arguably a distraction, especially in the light of another finding from the KIS Finance research that 45% of consumers are happy to see the limit rise
to £100 vs. 38% who would like to have seen it stay at £45. We also understand that one issuer’s option of non-contactless cards for consumers concerned about security has only been adopted by a tiny minority of its customers.
Arguably where the financial services industry has failed to deliver is in driving consumer awareness and setting the communications agenda around the change. There has been some informative press coverage in recent days, but it is likely that most consumers
will not be fully aware of how the new limits are being introduced and protections that are in place.
Retail merchants drag their heels
The most notable resistance has come from the retail industry driven primarily by two main concerns, so called contactless walk-off losses and the level of interchange.
Contactless walk-off losses occur when a consumer using a self-scan and check out terminal tries to make a contactless payment. If the transaction breaches the issuer’s cumulative limit, the issuer will not authorise the transaction until a PIN is entered.
The customer who has heard the terminal ping to confirm that the card has been read may not realise that the transaction has not been authorised and may inadvertently leave with the goods without actually having paid. According to an estimate presented by
the British Retail Consortium (BRC) in their
response to FCA’s consultation these losses could be as much as £33 million per annum, but this figure is an estimate only and has been questioned. As the BRC acknowledges and FCA points out, the corresponding rise in the cumulative limit will reduce the
risk of this occurring, and there are other relatively simple measures that can be taken to better communicate to customers that a PIN is required via both the payment and the Point-of-sale terminal. Some merchants have updated signage at the point-of-sale
and introduced audible warnings and see a reduction in losses.
The interchange argument is really a separate issue from contactless limits and is a revisiting of long, and sometimes rightful, retailer dissatisfaction with the level of card transaction fees. Ironically this is one where UK merchants have suffered the
opposite of a Brexit dividend as the UK has withdrawn from the European regulation that caps scheme rates.
Of greater concern is, the uncertainty expressed by some individual merchants over when and how high they will set the single transaction limit for their stores and when merchant owned terminals will be upgraded. This is what will lead to most consumer confusion
and frustration over inconsistencies as to when they need to enter their PIN.
The solution: communicate and reassure
So, what can be done to minimise the potential negative fallout from the change? Communications are key, and issuers and merchants should jointly do this. Messaging needs to address two main area:
- Clarifying why limits will vary in the short term but will converge on £100 in the medium term
- Reassuring customers that fraud risk is still low and that they are fully protected. This includes continuing to debunk some of the myths around contactless security.
However, it is at point of sale where consumer confusion will arise. There is a responsibility on merchants who are not yet adopting the £100 limit to clearly communicate how much they can spend without entering a PIN, if using a card and help get across
the message that they will still have to from time to time when the cumulative limit has been reached.