BACKGROUND:
With contactless cards hitting a £100 limit of today, consumers are being asked to risk more than ever. Our security is in the hands of financial service and tech organisations. They must continuously spot patterns, listen to customer concerns, and ultimately take responsibility for getting the balance between security and convenience right amid this significant change.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics
<p>The important thing is to highlight that the individuals/end-users of these payment services control access to their card services. eCommerce sites that store payment card services should also be held accountable to regulatory requirements. In the EU/EEA region, strong customer authentication is now a regulatory requirement so those offering payment services need to support the end-users/customer by providing them with strong customer authentication set out by the regulation, which can be achieved through multi-factor authentication. As experts, we must continue to work hard to educate and enable individuals to make strong informed risk-based decisions on how to protect their financials. Increasing the limit may result in increased risks, if the public does not fully understand the threats.</p>
<p>Contactless card payments offer a convenient way to shop, however, raising the limit from £45 to £100 could create new security risks. If a person’s card ends up in the wrong hands or is stolen, a thief could potentially use the card up to five times consecutively before they are asked to enter a PIN. The increase could also increase the risk of thefts and pickpocketing in the UK, so consumers should be on high alert. If you ever lose your card, report it immediately to your bank and ask them to cancel the card. It is also important to scan bank statements to identify any fraudulent transactions and report them to your bank immediately.</p>
<p>While done with the objective of boosting high street shopping, this move means that banks will have to work even faster to identify and block potentially suspicious transactions. Of particular interest will be how much a fraudster can spend in total between each chip and pin verification (expected to be £300). </p>
<p>While we expect that all the necessary precautions will be put in place, there is certainly an added element of risk that will need to be accounted as banks and customers adapt. To address this risk, there are a number of Financial Institutions that are offering their customers the chance to set lower limits, which is a positive step and gives consumers the peace of mind of being in control.</p>
<p>Increasing the contactless limit to £100 is the next logical step in convenience. In the last two years, we have all been forced to prioritise health and safety, instantly making single tap, contactless payments the new normal. But a drive for convenience means security could be overlooked. Are consumers and banks willing to take the risk? </p>
<p>With shopping ramping up again, criminals will already be plotting their attacks. Now consumers will be able to spend up to £300 on a stolen contactless card without facing a security check. Those looking to hit the high streets will be at a greater risk of significant financial loss from theft. While apps like Apple Pay already offer unlimited contactless payments without customers expressing concerns, the risk is different for cards. Apps require a pin, face or fingerprint scan – a layer of security contactless cards simply don’t have. </p>
<p>As such, consumers are right to be concerned. £100 is a lot for some, and a little for others. We also each have a different risk profile. Financial organisations must listen to customers when they design new conveniences, and continually balance this with security. They must be ten steps ahead of fraudsters, identifying their patterns and managing risk. Ultimately, tech companies own the responsibility to protect people’s money, data and identities online. Only this way can consumers make the most of their digital identities.</p>