Australian Parliament and police call on banks to create 'opt-in' function for contactless cards

Australian Parliament and police call on banks to create 'opt-in' function for contactless cards

Australian banks may have to create an 'opt-in' function that requires customers to consent to the activation of contactless payment technology following complaints by police about a rise in low-value payments fraud using stolen cards.

The recommendation comes from a Parliamentary Joint Committee into financial-related crime, which criticised banks for introducing new technologies without first consulting with law enforcement agencies.

The report cites evidence presented by Victoria Police of a 'significant increase' in deception offences in which new technology had enabled offenders to commit multiple low value transactions with stolen credit cards.

While the UK has just moved to a £30 ceiling for payments by contactless, Australian banks have a more liberal approach, with up to $100 per transaction permitted with tap and go cards. Victorian Police now claim to be dealing with 100 extra credit deceptions per week from contactless crime.

In its submission, Victoria Police argued: "The major banks provide a Zero Liability Policy to customers who are victims of fraudulent transactions. This policy is clearly advertised in conjunction with ‘Tap and Go’ technology. Widespread promotion of the Zero Liability Policy is expected to motivate offenders who are likely to see that the victim will not be at a personal loss."

The force was highly critical of the lack of consultation between financial institutions and the police in relation to the introduction of new technologies.

While the banks disputed the claims, Committee members sided with the police, arguing that financial service providers ought to consider law enforcement issues more carefully.

"While banks have argued the fraud risk of new technologies is accounted for in their banking systems, the committee believes that consumers should have the option of disabling contactless payment features," states the report. " The committee recommends that financial institutions which issue debit and credit cards create an 'opt in' function that requires customers to consent to contactless payment technology features being activated on their cards."

Comments: (16)

A Finextra member
A Finextra member 07 September, 2015, 12:572 likes 2 likes

It makes sense to introduce this kind of service and it is perfectly in line with the current trend of consumer personalisation of their payment behaviour. So I am curious to see how this will develop further and what impact this will have globally.

David Birch
David Birch - Tomorrow's Transactions - London 07 September, 2015, 13:53Be the first to give this comment the thumbs up 0 likes

"The report cites evidence presented by Victoria Police of a 'significant increase' in deception offences"

Does anyone have a link to this report as I'd be really interested to read it and compare losses with UK.

Ketharaman Swaminathan
Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune 07 September, 2015, 15:51Be the first to give this comment the thumbs up 0 likes

So, this does highlight The Clear And Present Danger With NFC Payments that I was concerned about:(

David Birch
David Birch - Tomorrow's Transactions - London 07 September, 2015, 18:183 likes 3 likes

No, it doesn't. The report says that over the year, the rise in lost and stolen card fraud was about $100k (out of $400m). Inconsequential.

A Finextra member
A Finextra member 08 September, 2015, 01:25Be the first to give this comment the thumbs up 0 likes

This is nonsense. The cost of any solution would far outstrip the value of any rise in crime itself, and there is no evidence that consumers would even pay it any attention

A Finextra member
A Finextra member 08 September, 2015, 05:101 like 1 like

$100,000 divided by $400,000,000 x 100 = 0.025%. That is 25 thousandths of one percent of total payments.

We should not rest on that level of fraud as one incident of fraud is one incident too much. When tokenisation of credit and debit cards is fully developed through mobile payments, biometrics are used for ID such as fingerprints, and all PIN numbers are randomly generated online which are called ePINs, will further decrease fraud for credit and debit cards.

Contactless cards are very safe, safer than older technology such as the magnetic stripe, future technology will rid us of needing any plastic cards.

Conclusion: there is nothing to worry about but we must never take our eye off the ball when it comes to credit card fraud.

Michael Joyce
Michael Joyce - Shorebank International - Dhaka 08 September, 2015, 05:321 like 1 like

A tiny amount of fraud, but it is the police who are bearing the cost of the investigation. They should have been better consulted. Ultimately though, the police ought to be happy that the amount of cash in the community is being reduced. 

The good news is there is a solution for the paranoid... a tin foil wallet! 

Ketharaman Swaminathan
Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune 08 September, 2015, 09:47Be the first to give this comment the thumbs up 0 likes

Who is to say "how much is too much"?  By the same token,

  1. Whole countries have claimed that Chip + PIN is a waste of money. 
  2. STRIPE lambasts 2FA / 3DS by saying that it results in loss of revenues (https://support.stripe.com/questions/does-stripe-support-3d-secure-verified-by-visa-mastercard-securecode).

End of the day, fraud metrics can work both ways. 

Lu Zurawski
Lu Zurawski - ACI Worldwide - London 08 September, 2015, 13:311 like 1 like

I'm all in favour for a customer persolization approach - its an inevitable next step as contacless "goes mobile" (and App-enabled POS rises). I just recalled what's needed - I want my payments to be be "easily turn off and on-able".

A bit like the old UK "Creature Comfort" advertising campaign:

http://www.youtube.com/watch?v=Zv2tdCEBkKg

Ketharaman Swaminathan
Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune 08 September, 2015, 14:05Be the first to give this comment the thumbs up 0 likes

On another note, haven't all - contactless or "contactful" - cards needed activation / opt-in in Australia? Maybe things have changed now but, when I got my credit cards in Germany, UK and India several years ago, I was required to call a tollfree number before I could use them for the first time.

I maybe going slightly off the track here but, in response to @LuZurawski, I remember reading an article where an iPhone6 user in USA found the Apple Pay authorization screen popping up near the turnstile at an amusement park, when the NFC was used for access control, not payment! Not sure whether on-off feature will be supported on mobile or contactless anytime soon! 

A Finextra member
A Finextra member 08 September, 2015, 15:332 likes 2 likes

Hi Ketharaman,

Every new or replacement credit or debit card has to be activated before it is allowed to be used in Australia, which is probably what happens in every other jurisdiction I would imagine. There is no need to activate the contactless function separately because when the card is activated its contactless function is immediately available as a default setting.  

I bank with the Commonwealth bank of Australia (CBA) and I use their CommBank app on my iPhone 4S. The CommBank app is also available for Android phones, Windows phones, Apple Watch and the Android Smartwatch. The CommBank app can digitally convert your CBA MasterCard through ‘Host Card Emulation’ (HCE) and is then available for contactless payments via the smartphone’s NFC facility.

If your phone does not have NFC, you can purchase a physical sticker that you stick to the back of your phone called a ‘PayTag’. That is what I have got for my iPhone 4S as NFC only became available with the iPhone 6 and 6 Plus models.

The CBA’s CommBank app has a feature where you can do five alternative things to restrict the use of your credit card from your smartphone.

(1), under the heading, ‘Lost, stolen or damaged card’, you can do three things. (A), you can apply a temporary lock while you look for a misplaced card. (B), you can cancel your card to prevent unauthorised use. (C), you can order a replacement card if it is damaged and cannot be used.  

(2), under the heading, ‘In-store international payments’, one can lock the use of your card by anyone who has obtained your cards details.

(3), under the heading, ‘Online international payments’, you can block the use of your card on the internet.

(4), under the heading, ‘ATM cash advances’, you can block anyone from withdrawing your money from any ATM in the world by activating this feature.

(5), under the heading, ‘Limit per transaction’, you can set a predetermined spending limit for any single transaction as a security or budgetary measure.

A Finextra member
A Finextra member 08 September, 2015, 15:371 like 1 like

The CBA have not exactly allowed a customer to turn off the contactless function, but they have made operating their card much more flexible and secure.

Ketharaman Swaminathan
Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune 08 September, 2015, 15:58Be the first to give this comment the thumbs up 0 likes

TY @JohnCandido. Apple Pay seems to operate in the same fashion as the CBA app in terms of letting you control the use of the card(s) on file in many ways but, as far as I could make out, doesn't provide an "on-off" button. On a side note, this is one more case that reinforces my belief that striking the right tradeoff between convenience and security in retail payments is tricky. Had the bank implemented a separate activation for contactless functionality in addition to the one for basic card activation, I can imagine many people - me included! - complain about having to jump too many hoops to start using the card!

Lu Zurawski
Lu Zurawski - ACI Worldwide - London 08 September, 2015, 16:14Be the first to give this comment the thumbs up 0 likes

Thanks for the insights. And kudos to CBA - not a bad implementation of consumer controls and "turn-on-and-off-ability".

A Finextra member
A Finextra member 09 September, 2015, 09:22Be the first to give this comment the thumbs up 0 likes

BTW did anybody checked the content of a NFC credit card? I did this using a cell phone plus an app. I found transactions stored back to 2013. I have to admit that I have been quite surprised.

Trending Stories