29 June 2017
visit http://events.sap.com/gb/fsi-forum-2017/en/home

The never-ending saga of contactless card fraud

09 September 2016  |  10784 views  |  5 tescobank

Security measures for the UK's contactless card programme have been derided as 'chaotic' after it emerged that customers can still be subject to fraudulent transactions up to eight months after reporting lost or stolen cards.

An investigation by consumer Website moneysavingexprt.com has discovered that customers whose lost or stolen contactless cards have been cancelled may need to comb through months of statements to check for fraudulent transactions.

MSE cites the case of subscriber Justin Robson who discovered that his Halifax cards - cancelled by his bank when stolen last November - were used to make a series of fraudulent contactless purchases eight months later.

The problem arises when tap and go card payments are authorised offline by retailers without first going through the bank's filters.

"Our investigation highlights a chaotic system in which banks are powerless to prevent cancelled cards being used by fraudsters, and don't even know when the fraud will end," says MSE. "And while some banks prevent accounts being raided by this type of fraud, others leave it to unsuspecting customers to spot dodgy payments - even though they can start happening months down the line."

Industry bodies say there are no readily available figures for the number of contactless cards lost or stolen every year, but there were 152,727 cases of fraud involving lost or stolen debit and credit cards reported in 2015.

The UK Cards Association states: "Fraud on contactless cards is rare and considerably lower than overall card fraud. Consumers are fully protected against any fraud losses and will not be left out of pocket.

"As always it is important to check bank or card statements regularly for any unusual transactions, especially if a card has been lost or stolen. When a customer reports a lost or stolen card they will be advised to report any transactions they do not recognise to their bank."

Comments: (5)

Alexander Peschkoff
Alexander Peschkoff - TEDIPAY - London | 09 September, 2016, 12:18

What's the fuss? Consumers are protected, issuers are "OK" with that status quo.

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
A Finextra member
A Finextra member | 09 September, 2016, 12:55

There's a lot of nonsense hype in the newpaper coverage but the fuss relates to offline authed contactless cards that remain active until expiry.  That means that a fraudster could enact a transation many months after the card was stolen and the customer has stopped being as vigilant on the account.

Yes they can get a refund but it might go unnoticed.

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
A Finextra member
A Finextra member | 09 September, 2016, 13:07

It shouldn't go unnoticed by the bank.  Once a card has been reported as stolen the bank should be able to trap any offline-authed txns that turn up at a later date.  I don't see why it should be up to the cardholder to notice these.

And BTW all contactless cards [should] have a counter on the chip which forces the card to be dipped in a chip and pin terminal after a certain number of consecutive contactless txns.  Therefore its not quite true to say that they will remain active until expiry

3 thumb ups! 3 thumb ups! (Log in to thumb up)
Ketharaman Swaminathan
Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune | 09 September, 2016, 19:14

My bank will stop sending me statements after I cancel my credit card. How the heck do I "comb through months of statements to check for fraudulent transactions" that happen several months thereafter?

2 thumb ups! 2 thumb ups! (Log in to thumb up)
A Finextra member
A Finextra member | 12 September, 2016, 07:22 Dear Finextra mbr: Yes you are right on the trx counter that should allow only a few offline trx. Furthermore, the counter date on when last an online trx was made should block offline trx if no online trx for some weeks. If an issuer allows multiple offline trx to take place months after card cancellation snd slso posts these to the cardholder account, thos is close to criminal neglect! Customers should if so be cautioned before they start using cards from such careless issuers.
1 thumb up! 1 thumb up! (Log in to thumb up)
Comment on this story (membership required)

Finextra news in your inbox

For Finextra's free daily newsletter, breaking news flashes and weekly jobs board: sign up now

Related stories

UK contactless card use overtakes cheques

UK contactless card use overtakes cheques

01 September 2016  |  9592 views  |  1 comments | 20 tweets | 28 linkedin
UKCA charts the irresistible rise of contactless

UKCA charts the irresistible rise of contactless

22 August 2016  |  7646 views  |  0 comments | 6 tweets | 15 linkedin
UK monthly contactless spend tops £1.5 billion for first time

UK monthly contactless spend tops £1.5 billion for first time

19 May 2016  |  5343 views  |  0 comments | 14 tweets | 14 linkedin

Related blogs

Create a blog about this story (membership required)
visit www.response.ncr.comvisit www.finastra.comvisit www.events.sap.com

Top topics

Most viewed Most shared
HSBC hires Biggs to lead business model innovationHSBC hires Biggs to lead business model in...
9843 views comments | 16 tweets | 18 linkedin
ABN Amro tests wearable tech for contactless paymentsABN Amro tests wearable tech for contactle...
9273 views comments | 10 tweets | 6 linkedin
Mastercard eyes opportunities to profit from sharing economyMastercard eyes opportunities to profit fr...
7879 views comments | 6 tweets | 6 linkedin
Body blow for PayKey as Apple orders Westpac off its turfBody blow for PayKey as Apple orders Westp...
7446 views comments | 12 tweets | 14 linkedin
BBVA trains 1000 'ambassadors of design'BBVA trains 1000 'ambassadors of design'
6999 views comments | 15 tweets | 14 linkedin

Featured job

Six Figure Base + Commission + Stock Options
London

Find your next job