Love them or hate them, contactless cards are here to stay, with over £4bn being spent on them every month in the UK. While most providers allow you to opt out, some, such as Barclaycard, don’t. Is this right?
As well as being editor on Which? Money, I write a column for inews.co.uk, where readers can email me questions about money and personal finance. I was recently asked the following:
I’m not keen on contactless card technology, so have asked all my card providers not to provide me with contactless debit and credit cards, preferring to stick with chip and pin, which I think is more secure. All have been happy to do this, except Barclaycard, which is insisting I must have a contactless card. Is this right?
Personally, I love my contactless cards.
I don’t think it’s an exaggeration to say that they’ve transformed everyday spending for those who’ve embraced them. They’ve made it possible to go all week without having to fiddle around for change – and they’ve speeded up many of life’s minor inconveniences, from queues to board a bus, to getting served in a busy pub.
The £30 contactless limit means that most day-to-day payments can be achieved with an instant tap, with chip and Pin only necessary for larger purchases or after a certain number of contactless transactions as a precaution (the number varies by provider).
However, that’s not to say your security concerns are without foundation. Indeed, our investigations have highlighted flaws in the past. For example, in 2015, we were able to easily and cheaply acquire contactless-card technology and use it to remotely steal key card details from a contactless card.
Then, in 2016, we asked volunteers to use their contactless cards on the high street, spending between £20 and £30 each time, and to keep shopping until they were asked for a Pin. We did this to find out how much a thief could spend on a contactless card unchecked.
While most banks asked for a Pin, or blocked the card, after three to five transactions, three debit card providers allowed our ‘thieves’ to spend more than £200 through 10 consecutive transactions in just three hours.
Perhaps unsurprisingly then, some people would prefer not to go contactless.
Most providers allow customers to opt out, although there’s no obligation for them to do so. Barclaycard, however, doesn’t offer non-contactless cards. So if you’re intent on having a non-contactless card, this leaves you with little choice but to switch provider.
Even so, my view remains that there’s no need to worry unduly about security. All forms of payment come with risks and we all balance these with convenience on a daily basis. Chip and Pin, for example, isn’t perfect (a thief could watch you key in your pin), and before that, we used signatures, which could be forged.
It’s also worth bearing in mind that fraud involving contactless cards and devices represents a mere 1% of overall card fraud, according to Financial Fraud Action UK.
While it’s possible that some fraud involving contactless technology is recorded in more generic fraud categories, a low percentage does make sense when you think about it.
Of course, fraudsters will look to exploit any vulnerabilities in technology that they can to obtain card details, but it’s unlikely that they prize the cards themselves in order to make fraudulent contactless payments. After all, most criminals don’t want your cards in order to buy a coffee and a sandwich.
And as with all card fraud, if a contactless card is stolen and used by the thief, your provider must reimburse you, unless it can prove that you were negligent.
A version of this article originally appeared on inews.co.uk.
What do you think of contactless bank cards? Should providers give you the choice to opt out?