Banks pressed on card fraud as FCA weighs limit removal

By Puja Sharma

The UK’s Financial Conduct Authority (FCA) is weighing the removal of contactless card limits, which currently stand at £100. While the move would further streamline everyday transactions for millions of consumers, experts are warning that the decision could come at a steep price, both in fraud losses and in the evolving behaviour of criminals who adapt quickly to new opportunities.

Jonathan Frost, Director of Global Advisory for EMEA at BioCatch, is among those voicing caution. Drawing on his extensive background in law enforcement and fraud prevention, Frost argued that the risks of higher limits should not be underestimated.

“When considering the FCA’s proposal to change contactless limits, it’s important to assess its potential indirect effects. The direct impact is clear, giving consumers greater convenience while maintaining fraud protection.

“FCA estimates indicate the change could cause up to £31.3 million per year in additional contactless fraud, representing a 131% increase. The core question is whether raised limits will trigger long-term impacts, such as shifts in criminal behaviour.

“Given these risks, banks should prioritise the implementation and continuous improvement of real-time fraud detection systems that focus on customer behaviour. Focusing on card usage patterns alone would be a mistake, for instance, evolving criminal behaviour saw remote card losses increase by 22% last year.”

The Fraud Equation: Convenience vs. Risk

Contactless payments, hailed as one of the most significant innovations in modern retail banking, have surged in adoption since the pandemic accelerated the shift away from cash. According to UK Finance, more than 60% of debit card transactions in the UK are now contactless, with the £100 cap allowing consumers to use cards for nearly all daily purchases.

The FCA’s proposed removal of this cap would align with growing consumer demand for frictionless payments. Yet, regulators themselves acknowledge that such a step may embolden fraudsters. Their estimate—fraud losses potentially jumping by 131% underscores the scale of the challenge.

Globally, the picture is mixed. In markets like Canada and Australia, contactless limits have been gradually raised without major disruption, thanks in part to robust fraud detection systems. Meanwhile, parts of Asia have adopted near-limitless tap-to-pay systems that rely heavily on real-time behavioural biometrics and advanced AI-driven monitoring. The European Central Bank has also encouraged behavioural analytics to strengthen defences as fraudsters increasingly exploit weak authentication.

Why Criminal Behaviour Matters

Frost’s focus on the “long-term implications” echoes a wider concern across the financial services industry: criminals do not remain static. When barriers are lowered, fraud schemes often evolve rapidly. Contactless fraud is relatively straightforward, with stolen or cloned cards easily exploited before being blocked. But the larger worry is displacement—criminals shifting toward new, harder-to-detect channels such as card-not-present fraud, account takeover, and deepfake-driven social engineering.

This trend is already visible. According to European Payments Council data, while contactless fraud rates remain relatively low overall, losses from remote purchases (where the card is not physically present) are climbing steadily. In 2023, remote card fraud accounted for nearly 80% of all card fraud in Europe.

The Behavioural Detection Imperative

Traditional fraud detection relies heavily on analysing transaction data—amounts, merchants, geographies, and velocity. But Frost and others argue this approach is no longer sufficient in an era where criminal strategies evolve faster than banks’ defences. Behavioural biometrics, which analyse how individuals physically and cognitively interact with devices (such as typing rhythm, swipe patterns, or hesitations), offer a more adaptive and resilient shield.

Banks in markets like Brazil and Israel have successfully deployed behavioural biometrics to reduce fraud in real time, while simultaneously minimising false positives that frustrate genuine customers. In the UK, adoption is growing, but Frost’s warning suggests that a step-change may be needed if contactless limits are removed.

Striking the Right Balance

For regulators, the challenge is finding the sweet spot between consumer convenience and systemic resilience. Higher contactless limits undoubtedly reduce friction in payments, but if criminals can extract millions more from banks and consumers each year, the benefits may be short-lived.

Frost’s call is clear: the industry must anticipate not just the immediate fraud spike, but the long-term adaptations of organised crime. Without a pivot to real-time behavioural detection, banks may find themselves playing catch-up in an increasingly high-stakes game of digital fraud.

As the FCA reviews its proposal, the debate underscores a broader truth in global payments: innovation and risk are inseparable. The question is whether financial institutions are prepared to stay one step ahead.