Are contactless cards putting your cash at risk?

New figures show the number of 'taps' is soaring, with one in four of all payments made without a pin. But the system behind it has been described as 'chaotic'

By Felicity Hannah
Wednesday 18 January 2017 14:53
comments
A viral image of an alleged pickpocket using a contactless card reader. But the industry denies the rise of  tap payments  puts our cash at risk.
A viral image of an alleged pickpocket using a contactless card reader. But the industry denies the rise of tap payments puts our cash at risk.

The latest figures from the UK Cards Association show that 325 million purchases were made using contactless debit and credit cards in November last year, accounting for one in four of all card payments.

There are now 101.8 million contactless debit and credit cards in circulation in the UK and nine out of 10 contactless transactions are made using debit cards, directly connected to people’s current accounts.

Richard Koch, head of policy at the UK Cards Association, says: “With 125 taps every second in the UK, it’s clear that people are opting for contactless when they are at the till. No longer is it just for the lunchtime sandwich, consumers are using their contactless cards wherever they go – for the grocery shop, in clothes stores, and, increasingly, for the commute too.”

Yet, while the cards are becoming increasingly popular, consumers still have questions about how safe they are. Research carried out on behalf of personal security company Vaultskin suggests that around 80 per cent of consumers are worried about the risk of identity theft – and there could be good reason for their concerns.

Digital pickpockets

Last year an image purporting to show contactless card digital theft went viral. It showed a man on a crowded train holding a card terminal and supposedly using it to extract contactless card payments from the wallets and pockets of nearby travellers.

The fear was that an unscrupulous fraudster could use a point of sale terminal to steal up to £30 a time simply by pressing it close to people’s wallets. Unless victims checked their bank statement carefully and remembered every genuine transaction, it would be impossible to spot such theft.

However, the threat of digital pickpocketing turned out to be far lower than people believe. In fact, the UK Cards Association has declared that there have never been any confirmed reports of money being “stolen” from a contactless card while it’s still in the cardholder’s possession in the UK.

This is because a retail account is needed to get any money from a card payment, and there are security checks that have to be followed before such an account can be set up. New accounts in particular are monitored for suspicious activity and every card payment is traceable.

What’s more, for a payment to be taken the contactless card has to be used in a specific way. It can only be a few centimetres from the card reader and it can’t be near any metal objects such as keys, mobile phones or other contactless cards.

That does make “digital pickpocketing” unlikely, unless the card itself is stolen. However, that’s not to say the cards are completely without risk.

Safety breaks

Two key protections with contactless cards are the £30-per-transaction spending limit and the need to enter a PIN after a certain number of transactions. However, there’s evidence that not all banks are upholding this safety check.

Which? “stole” 12 contactless cards from volunteers in the autumn of 2016 and made repeated purchases on the high street until asked for a PIN. Three banks – Barclays, the Co-Operative Bank and TSB – allowed the volunteers to spend more than £200 in 10 consecutive transactions in just a few hours without prompting them to enter a PIN.

Of course, banks and building societies do refund fraudulent transactions; however, there have been occasions where victims of fraud have waited many weeks to have their money returned.

Even more worryingly, it seems that contactless cards may continue to work even after they have been cancelled. A loophole in the technology’s security means that victims of fraud must continue to check their statements for many months after their card is stolen, even once they have informed their bank.

This is because some retailers store offline payments in batches, processing them together at a later point rather than contacting the bank immediately a purchase is made. Unfortunately, this means a fraudster using a stolen card can sometimes continue to make purchases without being flagged, leaving consumers baffled and frustrated.

Consumer affairs website MoneySavingExpert warned that the system is “chaotic” and that some banks can’t prevent the fraud. With increased technological convenience comes increased incentives for fraudsters to hack accounts, so it’s essential cardholders regularly check their spending to ensure it is all legitimate.

Jody Baker, head of money at comparethemarket.com, recently warned that cyber-attacks are an increasingly popular way for thieves to steal from debit and credit cards, with 4.5 million people being forced to cancel cards in the 12 months to September because of online fraud.

She said: “With so many of us shopping and banking on the internet, combined with a rise in contactless payments, it is more important than ever to be vigilant when managing your money. It is a good idea to regularly check your bank statements for any unusual activity as criminals often make small but regular thefts which are harder to spot than larger one-off purchases.”

Join our new commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

View comments