The rise of mobile and contactless payment fraud
After the first contactless cards were issued throughout the UK in 2007, over the last decade the payment method has surged, and evolved. Contactless card payments with a ‘tap and go’ limit are now useable throughout most of the world, while systems such as Apple Pay and Android Pay have been introduced for the mobile sector. Yet, with the new methods, come a host of different opportunities for fraud.
Financial Fraud Action UK (FFA) has released new figures indicating that money stolen through contactless bank cards and mobile devices has risen by 150% since 2015. While losses are still below the peak of 2004, just prior to the introduction of Chip & Pin in the UK, the increase shows that fraudsters are continuing to find new ways of beating the protective systems in place.
This rise in payment fraud comes with the expectation that devices will increasingly take on roles usually relegated to paper. In a Gemalto survey of 2,000 consumers in the USA, UK, France, Germany, China and Brazil, consumers indicated that they believe devices will double as passports, ID cards, and, increasingly, as a payment tool, by 2025.
As of now, fraud on contactless cards and devices represents just 1.1% of overall card fraud, and the FFA indicates that the larger problem remains around card and PIN theft, which allow for fraudulent transactions at higher values. Only two weeks ago two fraudsters in Japan placed stolen mobile phones on a store’s digital reader 704 times over a 10-hour period, allowing them to purchase ¥4.45 million (£514,000) worth of cigarettes.
Gareth Shaw, a money expert with consumer group Which?, stated: “Card companies must be responsible for striking a better balance between convenience and security.” Security experts in Japan are similarly calling for credit card companies to adopt stricter ID verification measures.
With the increasing trend of mobile and credit card companies marrying functionality with consumer convenience, now more than ever a need exists for updating and reassessing existing cybersecurity processes in order to combat mobile and contactless payment fraud.