/security

News and resources on cyber and physical threats to banks and fintechs worldwide.

Lloyds gives users control over contactless limits amid fraud fears

Lloyds Banking Group customers will be able to set their own limits when the new £100 ceiling on contactless card payments comes into effect next month.

  9 12 comments

Lloyds gives users control over contactless limits amid fraud fears

Editorial

This content has been selected, created and edited by the Finextra editorial team based upon its relevance and interest to our community.

The upcoming hike in the contactless spending limit on consumer debit cards has raised fears that they could become a target for fraudsters, who can escape unchecked for at least five transactions when tapping to pay at high street retailers.

Lloyds says it is responding to customer concerns by introducing new card controls in its mobile app, which will enable users to move the limits in £5 increments of between £30 and £95. Customers will also be given the option to switch off contactless functionality all together, opting for PIN entry at the checkout instead.

Philip Robinson, personal current accounts, payments and fraud and financial crime director at Lloyds Banking Group, comments: “We’ve listened to customer feedback to introduce this option which will allow them to make the most of the £100 limit in a way that works for them.”

The app udpate will be available for customers of Lloyds, Halifax and Bank of Scotland.

Lloyds may be the first to publicise the move but most other banks will also be working to upgrade their apps. Starling Bank first raised the possibility when the uplift to a £100 contactless limited was mooted earlier this year.

Sponsored [Webinar] Operational Resilience in the age of DORA

Related Company

Keywords

Comments: (12)

A Finextra member 

This is a nice additional capability for consumers (anecdotally, the move to a £100 limit seems to raise eyebrows). Customer experience is very often about getting the details right. Good work, Lloyds.

Vivek Joshi

Vivek Joshi Software Engineer at Suncorp Bank

Hi,

 

This is very useful initiative and if possible we would like to know how it is implemented.  We use Coonex switch and HOGAN as back-end processing system.. The contactless limit is stored in the card chip - so how the mobile app allows cutomer to select what the customer prefers?  

A Finextra member 

A good response on an irresponsible move by the authorities´ limit hike that risks to make cards more attractive to pick-pockets and other thieves. Why not a 200 GBP limit or 500? And why did the PSD2 require strong customer authentication at all? Answer: To protect cardholders from fraud hazzle and make it more difficult for criminals to steal monies in the payment system. 

Ketharaman Swaminathan

Ketharaman Swaminathan Founder and CEO at GTM360 Marketing Solutions

From a macroeconomic pov, a ceiling of GBP 100 in a $39K per capita economy does not sound too high compared to GBP 50 / $2K but, nonetheless, kudos to Lloyds for empowering customers to take their own decision by setting their own ceiling.

A Finextra member 

To respond to Vivek’s question, the vast majority of contactless txns in the UK are online, so assume the limit is checked when the txn comes to the issuer for authorisation, & the mobile app controls the individual customer authorisation limit for a contactless txn. there will also be a chip contactless limit, & assume this will remain unchanged & not be customer configurable - but this will only come into play where the issuer is unavailable.

Ketharaman Swaminathan

Ketharaman Swaminathan Founder and CEO at GTM360 Marketing Solutions

"vast majority of contactless txns in the UK are online".

Keen to know what contactless means in the context of online credit card payments? AFAIK, online credit card payments involve no contact, whether they're made with a plastic credit card having or not having contactless / NFC tech or not. So, the contactless / tap-and-go ceiling meant for brick-and-mortar payments is not applicable to online payments. Also, AFAIK, online credit card payments have no ceiling as long as they don't end up busting of the credit cardholder's credit limit.

A Finextra member 

Apologies, my terminology was unclear - by online I mean the transaction comes to the issuer host system for authorisation, as opposed to offline where the card itself (as well as any terminal / scheme limits) determine whether the transaction is authorised. This is independent of whether the txn was face to face (chip + PIN or contactless) or remote ((CNP etc).

Vivek Joshi

Vivek Joshi Software Engineer at Suncorp Bank

In my view online transaction limit is not 'contactless limit'.  It is no doubt a welcome measure if it means customer choice to modify online purchase limit but contactless limit ias I see is when a card / mobile phone is used at a physical POS device and the limit up to which no PIN is required.  Only the folks who implemented this initiative can clarify what it is & how it was implemented with the limit being on the chip.  It will greatly help other banks as fraud is not limited to a bank but the whole banking comminity should fight it by exchanging ideas.  Thank you for sharing your thoughts.

A Finextra member 

It's a backend card control which the customer controls through their mobile app.  If a transaction is made which is below £100, it will be accepted by the terminal and will go through to the backend to be authorised and if the transaction is above the limit set by the customer, the transaction is declined.  It's not an online transaction limit, it is specific to the contactless CVM.

A Finextra member 

I assume the limit you are referring to is the Offline Transaction Limit in the chip.  This is still there but is being overriden by the terminal which has an Offline Transaction Limit of zero and is going online for authorisation.  The card limit only comes into play when the terminal cannot go online (such as in certain transportation scenarios).

A Finextra member 

@Vivek I do understand what you are saying of course but it is very complex to send scripts to cards and to ensure scripts have been delivered and actioned.  Much easier to put the card control on the backend, decline the transaction and send the cardholder an immediate push notification as to why that happened.  It is common to the way that all consumer card controls are being implemented.

Vivek Joshi

Vivek Joshi Software Engineer at Suncorp Bank

Thank you Peter for the response, we will take some inspiration now as this is quite useful to do - whatever we can.

[Webinar] Beyond Open Banking – Exploring the Move to Open FinanceFinextra Promoted[Webinar] Beyond Open Banking – Exploring the Move to Open Finance