The total amount of money stolen from contactless bank cards and mobile devices has soared almost 150%, according to new figures from Financial Fraud Action UK (FFA).
Nearly £7 million was fraudulently spent using contactless technology in 2016, compared to £2.8 million in 2015.
With a contactless card you can make ‘tap and go’ payments of up to £30 without entering a PIN, but there are concerns around the safety of this payment method.
Are contactless payments safe?
Despite the increase in the amount of money stolen through contactless technology, the FFA maintain that this method of payment remains relatively safe.
It says fraud on contactless cards and devices represents just 1.1% of overall card fraud.
The figures translate as a loss of 2.7p for every £100 spent, which is actually a fall from 3.6p in every £100 spent in 2015.
The FFA says the larger problem revolves around card and PIN theft, allowing criminals to make fraudulent transactions for higher values in shops.
Major security flaw
However, a significant security loophole in the contactless system was revealed earlier this year that leaves users exposed to fraud.
The security flaw lies in whether a contactless payment is processed ‘online’ or ‘offline’ by a business.
When payments are processed online, the card machine instantly contacts the customer’s bank to check for sufficient funds and, if a card has been cancelled, it will be flagged – so there is less risk of fraud.
However, if a payment is processed offline, the card machine stores up a batch of payments to process online later. This process is allowing criminals to get away with using stolen contactless cards long after they’ve been cancelled.
What’s more, some banks don’t inform customers when their cancelled card is used and don’t check whether it was the customer who made the payment.
This policy puts the onus on customers to spot fraudulent payments and get a refund, when it should be something the banks are looking out for.
MPs from the Commons Treasury Select Committee have put pressure on the regulator to get banks to act on the flaw.
The Financial Conduct Authority (FCA) has agreed to take action to close the security loophole, but the UK Cards Association says that implementing measures to protect users will take until the end of June.
John Griffith-Jones, chairman of the FCA, wrote in a letter to the Commons Treasury Select Committee set out the action it will take to better protect contactless card users.
He stated its top priorities were to "remove any onus on customers to identify fraudulent transactions" and to work on "technical enhancements to reduce the likelihood of post-cancellation contactless fraud" with the industry.
He also said the FCA was exploring making sure the option to not have a contactless card was made more visible during card issuing and providing more information on the clearing times for contactless payments.
How to keep safe
[ADVERT] If you are worried about contactless card here are a few steps to ensure you are using them safely.
Use a foil-lined wallet
There is some evidence that fraudsters are using contactless card readers to steal details from people to perform transactions in certain online stores.
There are now a range of 'contactless protectors' which are made of a metal case, which can help keep this information safe from scammers. However, tin foil is also known to be just as effective at preventing the card from being read. Read: How a foil-lined wallet can protect you from fraud for more.
Never hand over your card
The UK Cards Association best practice guidelines states the card ‘should always stay in the customer’s hand’.
But often servers at pubs, restaurants, bars or shops will reach out to take your card and tap it themselves.
While this may be an innocent gesture it could also be a crafty way to ‘skim’ your card details from the magnetic strip.
Check your statements
You should regularly check your statements for suspicious transactions. If you spot any get in touch with your bank to challenge them.
Just say no
Banks are really keen for us to take up the technology, so most will issue contactless cards unless instructed otherwise. If you are worried about contactless card safety, see if your bank will issue you with a new card that doesn’t have this feature.
Lloyds, Halifax, HSBC, Nationwide, Santander, TSB and Barclays say they give customers a choice at sign up and would swap a contactless card for a contact card if a customer requested it.
Just Barclaycard, Royal Bank of Scotland and NatWest only offer contactless cards and customers don’t have the choice to opt out.
What to do if you fall victim
If you lose or have your contactless bank card or payment device stolen, contact your provider immediately to cancel the card.
You should continue to monitor your statements daily to keep track of any contactless spending that isn’t yours and report it to your bank.
Fraudulent activity via contactless cards are protected by the same rules that apply to other card payments.
So, if you fall victim your bank should refund you the money as long as it wasn’t down to your own negligence.
Remember even though payments don’t require a PIN, card issuers will limit the number of contactless transactions that can be made in a day before a PIN is asked for to prevent fraud.
For more check out our guide: Mobile and contactless payments UK: how do they work, how safe are they and how much can you spend?