Contactless cards: Opt-in or opt-out?

Australia is toying with the idea of creating an opt-in function for contactless cards, in a move that highlights the problems around coping with new payment technology and how fraud risks are handled. A parliamentary committee has told the government that banks ought to seek customers’ consent before activating the contactless function on payment cards. Lawmakers accepted police recommendations that tap-and-go cards were behind a rise in deception offences.

Victoria Police said contactless cards caused a spike in low-value fraudulent transactions of up to 100 a week, noting concerns on several fronts. First, they felt that the perception that credit card fraud is a victimless crime is driving offences, while the technology motivates the theft of credit cards as there is little risk of being caught.

“The major banks provide a Zero Liability Policy to customers who are victims of fraudulent transactions. This policy is clearly advertised in conjunction with ‘Tap and Go’ technology. Widespread promotion of the Zero Liability Policy is expected to motivate offenders who are likely to see that the victim will not be at a personal loss,” the parliamentary report said.

Fraud losses on contactless cards are actually rather low, falling below the level seen for almost every other payment channel. Low transaction limits mean the appeal to serious fraudsters is not great. Periodic checks by issuers – for example after every five contactless transactions a PIN is requested – mean there is a limited shelf life from a stolen card.

Australia is in a slightly different position to many other countries as the transaction limit is higher than most – AU$100, which is about US$70. In the UK it’s £30,or about US$46. Even then, however, Australian fraud losses from contactless cards are low. While overall card fraud losses totalled 58.8 cents in every A$1,000 spent (5.88 per cent), it’s estimated that contactless losses are around half that figure.

Legal constraints

So why is Australia so keen on tackling this area of fraud when it’s not the most important area for the industry? Contained near the end of the parliamentary report is a paragraph that touches on the wider problem of regulation for the industry that extends well beyond a debate about contactless cards:

“The committee shares the concerns of law enforcement agencies that the rollout of new technology without consultation with law enforcement agencies has the potential to become a driver of financial related crime,” the report said. “The committee believes that banks and other financial service providers ought to consider law enforcement issues more carefully, and to facilitate discussions with law enforcement about new technologies prior to rollout.”

In other words, banks and payment service providers ought to check first before they roll out a new service or product. This is probably not the approach that we are used to – did Barclays check with the police before launching its ATM?

All new payment technologies are probably vulnerable to some fraud; the question is whether it’s still an improvement, overall, on what’s already there.

In the case of contactless cards, we can let the figures do the talking: Australia leads the way for contactless usage, according to research by RFi Group, with 53 per cent of adults having made a tap-and-go transaction. This places the country top of the table and ahead of leading lights like the UK and Singapore. More recent research by Visa puts the figure at 62 per cent of cardholders having made a contactless transaction.

Australians clearly see the benefits of contactless payments but if you have to opt in, far fewer people will use this feature and fraud is unlikely to be much affected. In payments, we should ask for forgiveness, not permission.