Contactless Payment Fraud: the Criminal Fraud Challenge of the Future?
Contactless payment adoption has been on the rise for years. Now, though, with a sudden surge in adoption, could contactless payment fraud become a problem for retailers?
In this post, we’ll examine some of the reasons why consumers are embracing contactless payments. We’ll consider the risk posed by contactless card fraud, and how much this developing threat could cost the payments ecosystem. We’ll also look at what actions merchants should take now to address this problem before it grows out of control.
Why Adopt Contactless Payments?
The recent uptick in activity can be tied to one major factor: the Covid-19 outbreak.
During the pandemic, the idea of a purchasing method that allowed customers to pay without physically touching a payment terminal became very appealing. 26% of consumers described contactless payments as an essential feature for the payments space before the pandemic. By March 2020, the number of consumers describing it as a “table stakes” feature jumped to 38%.
With any technology, the biggest obstacle to widespread use is getting consumers to embrace it. Once consumers do this, they tend to adjust quickly and start to view the new technology as essential. This was the case for EMV chip cards; it will likely be the case with contactless payments.
By 2026, roughly $6 trillion every year will change hands via contactless payments. That’s a 300% increase compared to 2020. More than three-quarters of Mastercard transactions conducted in Europe were already contactless by mid-2020, and the company expects the shift in payment preference will be permanent.
In response to this obvious consumer interest, countries throughout Europe and Central Asia recently increased their limits on the maximum dollar value allowed via contactless payments:
Country |
Old Limit |
New Limit |
Albania |
2,000 lek |
4,500 lek |
Armenia |
12,100 dram |
20,000 dram |
Belarus |
20 rubles |
100 rubles |
Bulgaria |
50 lev |
100 lev |
Croatia |
100 kuna |
350 kuna |
Cyprus |
20 EUR |
50 EUR |
Estonia |
25 EUR |
50 EUR |
Georgia |
45 lari |
100 lari |
Germany |
25 EUR |
50 EUR |
Greece |
25 EUR |
50 EUR |
Hungary |
5,000 forint |
15,000 forint |
Ireland |
30 EUR |
50 EUR |
Kazakhstan |
5,000 tenge |
20,000 tenge |
Kosovo |
15 EUR |
40 EUR |
Kyrgyzstan |
1,525 som |
2,500 som |
Latvia |
25 EUR |
50 EUR |
Lithuania |
25 EUR |
50 EUR |
Luxembourg |
25 EUR |
50 EUR |
Malta |
25 EUR |
50 EUR |
Netherlands |
25 EUR |
50 EUR |
North Macedonia |
750 denar |
2,000 denar |
Poland |
50 zloty |
100 zloty |
Portugal |
20 EUR |
50 EUR |
Spain |
20 EUR |
50 EUR |
Sweden |
200 krona |
400 krona |
Tajikistan |
140 somoni |
200 somoni |
Turkey |
120 lira |
250 lira |
United Kingdom |
30 GBP |
45 GBP |
Uzbekistan |
52,500 s‘om |
250,000 s‘om |
Contactless payments offer benefits in terms of convenience, and can also allow merchants to manage loyalty programs more easily. However, payments using contactless cards—as well as those from mobile devices—are still vulnerable to contactless payment fraud.
New Technologies. New Threats.
Fraudsters move fast to exploit new technologies and practices. That’s why you need to take steps today to prevent fraud losses tomorrow.
What is Contactless Payment Fraud?
- Contactless Payment Fraud
Contactless payment fraud refers to any fraud scheme enabled by a contactless payment method. The perpetrator may employ different tactics to accomplish this goal, such as stealing cardholder information from legitimate users.
[noun]/* kɑn ● tækt ● lɛs ● peɪ ● mənt ● frɔd/
On one hand, it’s true that contactless payments present some security advantages. For instance, if a customer uses an app like Apple Pay or Samsung Pay to complete a purchase, they may utilize two-factor authentication to protect their identity. This doesn’t inherently make the process more secure, though.
Still, cases of contactless card fraud roughly doubled year-over-year back in 2018. Combine that with the higher transaction limits mentioned above, and we see how security could become more of a problem as people start making higher-dollar value transactions, too.
Criminals don’t typically bother with low-dollar-value transactions. They target high-ticket items to get as much out of their activity as possible before they get caught. That mean contactless payments have more or less flown under criminals' radar.
With increased acceptance and new, higher-dollar thresholds for contactless payments, however, we're almost certain to see more fraudsters finding ways to abuse the process for conducting fraud attacks.
Could Contactless Payments Today Mean Fraud Tomorrow?
Most contactless payment fraud conducted so far has been fairly primitive. Consumers are already well-aware of “skimmers” that can steal data from NFC-enabled devices—so much so, in fact, that the threat this tactic poses is actually somewhat overblown. Fraudsters also can’t clone contactless payment cards like they might have done with older magnetic stripe cards.
Fraudsters are smart and resourceful, though. They routinely identify ways to exploit new technologies and policy loopholes before the good guys do.
As technology becomes more sophisticated, it’s likely that contactless card fraud (as well as other forms of contactless payment abuse) will be an increasingly serious problem down the road. Knowing this puts merchants in a unique position, though.
Merchants don’t have to settle for playing “catch up” once contactless payment fraud becomes a major problem. They have the opportunity to be proactive now and address a future problem before it happens.
Be Proactive About Contactless Payments Fraud
Fortunately, many of the same tactics used in conventional card-not-present commerce can apply to contactless payment fraud as well. The key lies in deploying a multilayer solution powered by machine learning and human expertise.
AI-facilitated technologies can examine transactions based on the payment method, location, device fingerprint, and other digital identifiers. So, even without traditional authorization mechanisms like PIN code, you can still positively identify cardholders.
Of course, there’s no singular solution to any problem in the payments space. AI tools must be backed by business best practices like responsive customer service, quick fulfillment, detailed product descriptions, and more.
Even then, there’s still the prospect of chargebacks making it through your defenses. That’s why we recommend implementing tools and strategies to prevent chargebacks whenever possible and challenge invalid disputes through representment.
The Covid-19 pandemic accelerated the trend toward contactless payments. Even before the virus, though, the writing was already on the wall: contactless payments are here to stay. Now’s the time to develop a dynamic strategy to contend with contactless payment fraud, before the problem gets out of hand.
FAQs
How safe is contactless payment?
Contactless payments are generally very secure. If using a mobile payment app, such as Apple Pay, the cardholder can deploy two-factor authentication for even greater security than with a conventional payment.
Can contactless cards be hacked?
Fraudsters can’t “hack” a contactless payment card. There is the possibility that they may be able to skim information from an NFC-enabled card, but this is unlikely. The most probable source of contactless card fraud is criminals bypassing authorization by exploiting vulnerabilities in the technology.
How do you avoid contactless fraud?
For cardholders, we recommend using a wallet or other card sleeve that contains RFID blocking technology. Again, though, the odds that a fraudster will successfully “skim” a card are low.
