Fraudsters are stealing money from contactless payment cards at the rate of almost £27 every minute, raising fears that the technology is becoming a ‘magnet’ for thieves.
Analysis for The Mail on Sunday suggests the security threat is increasing at an alarming rate as the nation’s shoppers turn in droves to convenient ‘tap and pay’ cards and phone apps to ease queue stress.
Spending this way soared last year to above £52billion – double the amount in 2016 according to industry body UK Finance.
Contactless: Spending this way soared last year to above £52bn – double the amount in 2016
Unlike conventional cards, contactless cards contain a special chip that emits radio waves that can be easily read by a payment terminal – and cuts out the extra seconds it takes to tap in a PIN.
But this flexibility has brought penalties – with crooks last year using stolen contactless cards to plunder a total of £14million – a haul that far exceeds the £9.8million stolen using fraudulent or altered cheques.
Card providers offer reassurance to customers that any spending on snatched contactless cards is kept in check because each transaction is capped at £30 – with a further safeguard that after a ‘random’ number of purchases shoppers are asked to enter their PIN to prove a card is theirs.
But no bank will reveal after how many attempts such checks are made. Another problem with stolen cards is that a quirk in the technology means some have been used even months after being cancelled.
Banks blithely say that customers need not worry because any stolen money is swiftly – usually – returned to their accounts.
Martyn James, of complaints service Resolver, says the banks’ attitude to contactless crime smacks of ‘complacency’.
He says: ‘The amount stolen may seem like a drop in the ocean compared to overall annual banking fraud of £732million but given there are limits on the spending, there were still at least 467,000 incidents last year. Probably a lot more if you allow for transactions that were for less than £30.’
Theft victim: Christopher Somes-Charlton
Christopher Somes-Charlton, 58, manager of Palestinian singer Reem Kelani, is not impressed by the banks’ empty promises over security after being a victim of contactless card theft nearing £600.
Eight days ago, Chris, from Notting Hill in West London, had his wallet pickpocketed while out drinking with team-mates from Hampstead & Westminster Hockey Club after their Saturday match.
As soon as he realised it had vanished, Chris contacted Royal Bank of Scotland and John Lewis Financial Services to cancel his three stolen contactless cards.
But when he checked his accounts online the next day, Chris found that the thief had been on a rapid spending spree with his John Lewis credit card. It had been used to carry out 13 transactions in 75 minutes at various outlets including supermarkets Waitrose and Marks & Spencer, many of them for precisely the maximum £30 spending limit.
Last Tuesday, he found that seven transactions totalling £180 had also been made on his RBS cards – appearing on his statement 36 hours after he cancelled them.
He says: ‘This technology is making our wallets a magnet for thieves. They know they can make off with your money easily. Yes, the money – £390 for the John Lewis card alone – will be refunded but it is the sense of violation that makes me uncomfortable as well as the hassle involved. I also need to replace a Network Rail and organ donor card. More should be done to prevent this crime happening otherwise thieves are just laughing at us. These contactless cards make us honeypots to them with greater values available to them than cash.’
He now plans to use only cards without the tap and go feature – though this will require him to return the contactless versions automatically sent out to him as replacements for his stolen cards.
Concerned: Harry Rose of Which? Money
Most banks issue contactless cards by default for new and replacement cards – though many providers such as Santander and RBS will provide the old style chip and PIN cards on request.
Barclays says just one per cent of debit card holders request the older version while its Barclaycard credit card arm only issues contactless varieties on the basis that ‘contactless payments are integral to ensuring our customers are able to pay conveniently, securely and quickly for small value items’.
Chris has reported the incident to the Metropolitan Police which after initial reluctance has now promised to investigate. He says: ‘The pub and many of the shops where the crook used my card must have cameras. They should be able to match this footage with the exact times the purchases were made.’
UK Finance defends contactless cards, saying the losses pale into insignificance compared to online fraud.
It says: ‘Contactless fraud is low with robust security features in place. Customers are fully protected against fraud and will never be left out of pocket, unlike if they lose cash.’
Harry Rose, editor of consumer magazine Which? Money, says he is concerned about the haphazard security responses of banks. He says: ‘Obviously the banks have to balance convenience and security but it is the inconsistency of how many times a card can be used before the PIN is requested that concerns us. Some have high levels of security, including calling a customer if transactions look suspicious while others seem to let the card be used ten times or more.’
John Lewis and Royal Bank of Scotland confirmed they have refunded Chris in full. The card providers would not reveal how often a PIN is demanded but John Lewis said the type of transaction influences any trigger.
Chris has been left disenchanted. He says: ‘Evidently, the banks want to make it as easy as possible to execute payments so that we make lots of them – and they are quite willing to tolerate a high degree of fraud along the way.’
Be card sharp… how to stop criminals making off with your cash
- Do not keep a contactless – or any other type of card – in an easy to access pocket or bag. Consider taking just one card on a night out to limit losses.
- Never hand over a card to a cashier or waiting staff – ask them to bring the card reader to you. This reduces the risk of a card being skimmed and cloned.
- Always check the amount you have been charged and ask for – and keep – the receipt. Checkout staff do not automatically issue one for contactless transactions.
- Be aware that when using contactless at a vending machine or on a bus or train no receipt is issued. Check your statement to ensure the correct payment was taken.
- Guard against a card’s details being skimmed while still in your possession by lining a wallet or cardholder with tinfoil, blocking radio-frequency identification signals to and from your card. Also consider purchasing a custom-made anti-fraud wallet, purse or similar gadget. Security expert Andrew Goodwill, of The Goodwill Group, always uses a protective wallet. He says: ‘It is possible for crooks to download software on their phones that can read your card. It cannot read the security code but many online stores do not require it, allowing crooks to make large purchases with the details they have collected.’
- Act fast if a card is lost or stolen so the provider can cancel it. Keep in a safe place emergency phone numbers for each of your contactless card providers. Report the incident to Action Fraud on 0300 123 2040 or online at actionfraud.police.uk.
- Check bank and card statements regularly for suspicious transactions.
- Review your credit report periodically to help spot any unusual activity. If you do fall victim to fraud, the credit reference agencies such as Equifax, Experian and Callcredit can help repair any damage to your credit history.
- Consider asking for a non-contactless card if you – like the Bank of England’s chief cashier Victoria Cleland admitted recently – prefer to avoid the technology. Not all providers allow this alternative and even if they do, you will have to request it as contactless is the default option.
THIS IS MONEY’S FIVE OF THE BEST SAVINGS DEALS