29 August 2016
Find out more

UK government sets guidelines to combat contactless m-payments fraud

28 August 2009  |  9785 views  |  5 Security/Risk

The UK government has laid down guidelines designed to tackle fraud associated with mobile phone-based contactless payments.

Contactless m-payments - where users can make low value purchases by tapping their handsets against specially equipped terminals - is being trialled by several phone companies and banks.

The Home Office says it has been working with the industry to make sure tough security measures are in place to prevent phone thieves or cloners from being able to take advantage of the new technology.

The government department has now issued guidelines, asking firms to make sure bank details, phones and SIMs are disabled as soon as possible once phones are reported lost or stolen.

In addition, verification, such as a PIN, will be required for any transactions above the maximum contactless payment value (currently £10) and if more than a certain number of smaller charges are carried out in a row.

The Home Office also wants to encourage those who sign up for a contactless payment handset to add their details on the National Mobile Phone Register (NMPR), making it easier for stolen phones to be identified and recovered. NMPR is linked to voluntary databases designed to make it easier for police to identify and recover stolen phones. Approximate 22 million phones are currently registered on it.

Alan Campbell, minister, Home Office, says: "This technology is an exciting new development but we must continue to work together to reduce any new opportunities for criminals to profit from mobile theft. As new technologies like this develop we aim to consider where safeguards can be incorporated at the drawing board stage."

Barclaycard, currently trialling the technology with wireless operator Orange, has welcomed the guidelines.

Dan Salmons, director, payment innovations, Barclaycard says: "Contactless is the future of payments and with plans for payments to be possible via mobile phone in 2010 the guidelines announced by the Home Office will ensure that security and consumer confidence in mobile payments is further improved."
KeywordsEFTPOS

Comments: (5)

Dean Procter
Dean Procter - Transinteract - Sydney | 29 August, 2009, 14:57

I'm sure they will be just as effective as any other guidelines have been, but I'm at a loss to remember an example.

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Colin Henderson
Colin Henderson - Bankwatch Consulting - Canada | 31 August, 2009, 04:29

I am with Dean on this.  Why on earth would it take Government regulation to ensure basic PIN/ password/ security measures be employed.  Barclaycard should be embarrassed that they are being told to do what ought to be basic product design.  The whole card approach which is based on just meeting minimum standards was ridculous 5 years ago, and is now inexcuseable.

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Jon Shamah
Jon Shamah - E J Consultants Ltd - London | 31 August, 2009, 06:58

The reason why the UK Govt is making this noise now is so that they can be seen to be doing *something* on the run-up to the 2012 Olympics, where m-payments, combined with e-tickets etc is their current recurring vision.

I also agree that these are all basic measures, which should reasonably be expected to be implemented prior to large scale adoption. - That is unless there is some indemnity given by Barclaycard et al, who are willing to accept liability for any losses. - don't hold your breath.

 

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Andrew Churchill
Andrew Churchill - Technology Strategy - London | 31 August, 2009, 14:24

Why only worry about contactless m-payment fraud, not card based? And Jon, why have m-payments and e-ticketing for 2012 (transport ticketing consultation was out last week)? Surely m-payments, with m-ticketing (as the Barlcaycard/Oyster/O2 pilot), so then why not take advantage of the mobile (a computer) as an integral part of the security process? Some of the current pilots do seem rather unimaginative!

 

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
A Finextra member
A Finextra member | 30 September, 2009, 12:49

Moves by UK government to lay down guidelines designed to tackle fraud associated with mobile phone-based contactless payments and to increase public confidence are welcome if issuers and acquirers are to make the most of this new channel and grow payment volumes.

Whilst government guidelines are one way to ensure that adequate security measures are in place, it must also be combined with an industry commitment to best practice security. To date, the industry has been careful to add security on both the contactless devices and in the processing network, including a unique built-in secret key on the card which generates a unique CVV. It's also interesting to note that the processing of contactless payments does not require the use of the cardholder's name and some cards do not even include the cardholder's account number. Furthermore, contactless transactions can only be processed once which prevents incidents of "repeat attacks" from occurring, which can affect other types of transactions.

Clearly, the security of any new transaction channel must be a priority if it is to enjoy widespread success, so it is good to see that both the payments industry and the Government have contactless security firmly on the agenda. But other challenges associated with mobile contactless, such as preparing the payments infrastructure for increased transaction volumes where on-line transactions are the norm, require just as much attention if contactless payments are to be the success that everyone in the payments industry hopes they will be.

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Comment on this story (membership required)

Finextra news in your inbox

For Finextra's free daily newsletter, breaking news flashes and weekly jobs board: sign up now

Related stories

NTT claims 10 million mobile wallet users

NTT claims 10 million mobile wallet users

25 August 2009  |  5711 views  |  0 comments
Citi in Indian contactless m-payments trial

Citi in Indian contactless m-payments trial

03 July 2009  |  8273 views  |  0 comments
Citi and Visa in Singapore m-payments trial

Citi and Visa in Singapore m-payments trial

03 April 2009  |  13182 views  |  0 comments
Barclaycard and Orange team on contactless m-payments

Barclaycard and Orange team on contactless m-payments

09 March 2009  |  15576 views  |  0 comments
Barclays to move to contactless debit as standard

Barclays to move to contactless debit as standard

06 January 2009  |  12003 views  |  2 comments
Visa launches Latin America's first NFC m-payments trial

Visa launches Latin America's first NFC m-payments trial

05 November 2008  |  12230 views  |  0 comments
Banks and mobile operators form m-payments association

Banks and mobile operators form m-payments association

23 October 2008  |  11035 views  |  0 comments
Oyster could be replaced by mobile phones or bank cards - TfL

Oyster could be replaced by mobile phones or bank cards - TfL

22 October 2008  |  13530 views  |  0 comments
Barclaycard chief predicts death of plastic cards

Barclaycard chief predicts death of plastic cards

09 September 2008  |  18708 views  |  0 comments
London NFC trial shows customers want contactless m-payments

London NFC trial shows customers want contactless m-payments

02 September 2008  |  14153 views  |  0 comments
RBS trials MasterCard PayPass in London black cabs

RBS trials MasterCard PayPass in London black cabs

08 July 2008  |  10916 views  |  0 comments
Soaring customer satisfaction for French m-payments scheme

Soaring customer satisfaction for French m-payments scheme

02 July 2008  |  7542 views  |  0 comments
Barclaycard to launch public mobile payments trial

Barclaycard to launch public mobile payments trial

28 November 2007  |  15636 views  |  0 comments

Related blogs

Create a blog about this story (membership required)
Visit VocaLink.comVisit capgemini.comVisit www.abe-eba.eu

Top topics

Most viewed Most shared
India's Unified Payments Interface goes live with 21 banksIndia's Unified Payments Interface goes li...
8618 views comments | 22 tweets | 25 linkedin
R3 blockchain consortium sheds light on Concord projectR3 blockchain consortium sheds light on Co...
6561 views comments | 14 tweets | 14 linkedin
Cultural change crucial in digital transformationCultural change crucial in digital transfo...
6218 views comments | 11 tweets | 10 linkedin
Mondo becomes MonzoMondo becomes Monzo
6045 views comments | 14 tweets | 8 linkedin
hands typing furiouslyBlockchain: Some Remarkable Announcements!
5593 views 0 | 5 tweets | 10 linkedin

Featured job

Find your next job