Contactless fraud is on the rise: Is it worth the worry?

Sean Neary, Financial Services Subject Matter Expert, Featurespace

Protecting customers from contactless payments fraud has been a significant challenge for banks and payments providers over the past decade, as UK consumers have become increasingly used to quick and convenient tapping to make payments. Consumers have adapted quickly to the ease of use of contactless payments, however building confidence in the reliability and security of this new payment method has been challenging.

The volume of contactless payments is soaring, with Barclaycard revealing in June that contactless payments now make up more than half of in-store card payments of up to £30. With this swift rise in contactless payments, card fraud has followed suit, rising 150% from £2.8 million in 2015 to £7 million in 2016 according to Fraud Action UK.

With fraud on the rise, is contactless something you should be losing sleep over? It is a genuine concern for banks, payments providers and their consumers. The good news is that with cutting edge artificial intelligence, improved security standards and protective regulation on your side, there is a great deal being done to better protect customers from opportunistic fraudsters.

How are banks and payments providers battling contactless payments fraud?

Employing the latest technology

To even the odds against fraudsters, many banks are now using cutting edge artificial intelligence to help identify genuine customers from fraudsters in real time, stopping fraudulent payments even when made using contactless methods.

The latest fraud prevention technology uses real-time machine learning and adaptive behavioural analytics to identify fraudsters by detecting anomalies in each individual consumer’s behaviour. Using artificial intelligence, this cutting-edge technology builds a real-time behavioural profile of all the events of each individual customer’s normal activities including spending habits, such as the time of day a card holder normally uses their card, in which shops, and how regularly they do so.

The spending limit on contactless payments means that fraudsters tend to be opportunistic, making a number of payments in succession using a stolen card or buying multiple gift vouchers. If a fraudster makes several contactless payments in shops that a customer does not tend to frequent – or in abnormally quick succession – the machine learning technology immediately identifies the behaviour as unusual and alerts the bank to halt payments on the card.

Improving security standards

Banks have gone to great effort to improve security standards over the past decade to better protect customers from increasingly sophisticated fraudsters. Contactless payments made through smartphones now employ tokenisation, in which sensitive card holder data is substituted for a code during a payment which is then decrypted by the bank.

If a fraudster were to intercept a contactless phone payment, they would receive only the encrypted ‘token’ code and the customer’s details remain safe. Secondly, banks have largely replaced ‘offline’ contactless payments with more secure ‘online’ contactless payments.

Offline contactless payments go through without direct contact with the bank, such as on the London Underground, which typically have fewer layers of fraud detection compared to online payments, where the bank processes the payment directly.

Lastly, most banks and card issuers are now more cautious about taking contactless payments when a customer is abroad. Outside the UK, many banks now verify a customer’s identity when making foreign contactless payments, for example by requiring a PIN code.

Regulating against contactless card fraud

Finally, regulation is helping the fight against contactless payments fraud. From January 2018, EU member states will be required to implement the second Payments Services Directive (PSD2), which will enact significant changes for payment services providers. One change will be to apply a maximum cumulative amount that can be spent between authenticating the identity of a contactless card user. With PSD2 in force, if a fraudster was to spend €150 through contactless, or to make five consecutive individual payments, the fraudster would be blocked at the point of needing to enter a PIN code.

Cause for concern?

Although consumers have embraced the convenience of contactless payments, fraud is a reality that we as an industry need to keep addressing. Fortunately, the incorporation of cutting edge technology, higher security standards and legislation such as PSD2, are on our side, helping us better protect contactless customers in the fight against payments fraud.

Related reading