19 October 2017
Register now

The never-ending saga of contactless card fraud

09 September 2016  |  11463 views  |  5 tescobank

Security measures for the UK's contactless card programme have been derided as 'chaotic' after it emerged that customers can still be subject to fraudulent transactions up to eight months after reporting lost or stolen cards.

An investigation by consumer Website moneysavingexprt.com has discovered that customers whose lost or stolen contactless cards have been cancelled may need to comb through months of statements to check for fraudulent transactions.

MSE cites the case of subscriber Justin Robson who discovered that his Halifax cards - cancelled by his bank when stolen last November - were used to make a series of fraudulent contactless purchases eight months later.

The problem arises when tap and go card payments are authorised offline by retailers without first going through the bank's filters.

"Our investigation highlights a chaotic system in which banks are powerless to prevent cancelled cards being used by fraudsters, and don't even know when the fraud will end," says MSE. "And while some banks prevent accounts being raided by this type of fraud, others leave it to unsuspecting customers to spot dodgy payments - even though they can start happening months down the line."

Industry bodies say there are no readily available figures for the number of contactless cards lost or stolen every year, but there were 152,727 cases of fraud involving lost or stolen debit and credit cards reported in 2015.

The UK Cards Association states: "Fraud on contactless cards is rare and considerably lower than overall card fraud. Consumers are fully protected against any fraud losses and will not be left out of pocket.

"As always it is important to check bank or card statements regularly for any unusual transactions, especially if a card has been lost or stolen. When a customer reports a lost or stolen card they will be advised to report any transactions they do not recognise to their bank."

Comments: (5)

Alexander Peschkoff
Alexander Peschkoff - TEDIPAY - London | 09 September, 2016, 12:18

What's the fuss? Consumers are protected, issuers are "OK" with that status quo.

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
A Finextra member
A Finextra member | 09 September, 2016, 12:55

There's a lot of nonsense hype in the newpaper coverage but the fuss relates to offline authed contactless cards that remain active until expiry.  That means that a fraudster could enact a transation many months after the card was stolen and the customer has stopped being as vigilant on the account.

Yes they can get a refund but it might go unnoticed.

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
A Finextra member
A Finextra member | 09 September, 2016, 13:07

It shouldn't go unnoticed by the bank.  Once a card has been reported as stolen the bank should be able to trap any offline-authed txns that turn up at a later date.  I don't see why it should be up to the cardholder to notice these.

And BTW all contactless cards [should] have a counter on the chip which forces the card to be dipped in a chip and pin terminal after a certain number of consecutive contactless txns.  Therefore its not quite true to say that they will remain active until expiry

3 thumb ups! 3 thumb ups! (Log in to thumb up)
Ketharaman Swaminathan
Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune | 09 September, 2016, 19:14

My bank will stop sending me statements after I cancel my credit card. How the heck do I "comb through months of statements to check for fraudulent transactions" that happen several months thereafter?

2 thumb ups! 2 thumb ups! (Log in to thumb up)
A Finextra member
A Finextra member | 12 September, 2016, 07:22 Dear Finextra mbr: Yes you are right on the trx counter that should allow only a few offline trx. Furthermore, the counter date on when last an online trx was made should block offline trx if no online trx for some weeks. If an issuer allows multiple offline trx to take place months after card cancellation snd slso posts these to the cardholder account, thos is close to criminal neglect! Customers should if so be cautioned before they start using cards from such careless issuers.
1 thumb up! 1 thumb up! (Log in to thumb up)
Comment on this story (membership required)

Finextra news in your inbox

For Finextra's free daily newsletter, breaking news flashes and weekly jobs board: sign up now

Related stories

UK contactless card use overtakes cheques

UK contactless card use overtakes cheques

01 September 2016  |  9973 views  |  1 comments | 20 tweets | 28 linkedin
UKCA charts the irresistible rise of contactless

UKCA charts the irresistible rise of contactless

22 August 2016  |  7956 views  |  0 comments | 6 tweets | 15 linkedin
UK monthly contactless spend tops £1.5 billion for first time

UK monthly contactless spend tops £1.5 billion for first time

19 May 2016  |  5775 views  |  0 comments | 14 tweets | 14 linkedin

Related blogs

Create a blog about this story (membership required)
Register now visit www.niceactimize.com

Who is commenting?

Top topics

Most viewed Most shared
Ripple looks to drive bank adoption with $300m XRP rebate programmeRipple looks to drive bank adoption with $...
15853 views comments | 12 tweets | 4 linkedin
Swift positive on blockchain, but big challenges remainSwift positive on blockchain, but big chal...
8977 views comments | 16 tweets | 23 linkedin
satelliteGates Foundation backs Ripple collaboratio...
8082 views comments | 13 tweets | 10 linkedin
IBM uses blockchain to improve cross-border payments processingIBM uses blockchain to improve cross-borde...
7164 views comments | 9 tweets | 17 linkedin
Santander InnoVentures leads $6m funding round for Mexico's ePesosSantander InnoVentures leads $6m funding r...
6303 views comments | 6 tweets | 3 linkedin

Featured job

Competitive base + commission + benefits
Denmark, Finland, Iceland, Norway or Sweden

Find your next job