
Trump Administration Executive Order (EO) Tracker
The FCA’s engagement paper on the payments contactless limit is one of its short-term (ie implementable within the next 12 months) pledges under the government’s policy paper containing a three-point action plan for ‘A new approach to ensure regulators and regulation support growth’ (Action Plan) which has now also been published. The government has couched the Action Plan in terms of reducing uncertainty and complexity across the UK regulatory system as part of its wider pro-growth push. As we pointed out in relation to the recently announced plans for simplifying aspects of mortgage regulation – also in the context of the government’s growth agenda - for retail financial services this appears to herald an increasing reliance on Consumer Duty outcomes (see our article here). In the engagement paper, the FCA suggests that with legislative change and wider reform of the strong customer authentication (SCA) requirements for payments in the longer term, it could ‘seek to rely substantively on the Duty, instead of setting bespoke rules for contactless limits’.
The continuing move towards more principles-based financial services regulation could mean more regulatory risk ahead as regulatory boundaries become less clear cut. Tying in with the principles-based approach, firms should also expect increased supervisory activity from the FCA as it focuses more on ongoing monitoring to ensure good customer outcomes and less on enforcement action.
Some other points to bear in mind in relation to potential changes to the contactless limits are:
Hogan Lovells’ depth and breadth of knowledge of the legal, regulatory and policy drivers affecting financial services means we can help you get a grip on events, navigate uncertainty and capitalise on opportunities to shape your regulatory and policy environment.
We have significant experience in supporting firms on regulatory change projects - from undertaking initial gap analysis work, project managing and supporting the implementation of a rolling program of enhancements and operational changes.
The combination of our legal and consulting teams provides you with a full range of services, and clear guidance on how the solutions can be applied within the business. If you would like to discuss how we can help you, please reach out to any of the people listed in this article or your usual Hogan Lovells contact.
On 14 March 2025, the FCA published an engagement paper seeking feedback on potential changes to contactless payment limits. Currently, the limit is £100 per transaction or £300 across multiple payments (or no more than 5 consecutive contactless transactions) before authentication is required. The FCA explains that, for the purposes of the paper, contactless payments are payments that are made without additional payer authentication under this exemption (Article 11 of the Strong Customer Authentication Regulatory Technical Standards - SCA RTS).
The review has been expedited by the government’s pro-growth agenda, and the FCA makes reference to its secondary international competitiveness and growth objective. It suggests that enabling more contactless payments could have positive secondary impacts on growth, through smoother consumer payment journeys resulting in more sales and higher productivity. Innovation and broader growth across the economy could also be supported by additional spending and payments. The development of new payment methods or types of fraud prevention solutions could help stimulate growth and give UK payment firms a competitive edge on the international front. If changes are to be made, both the FCA and firms may need to substantiate whether, in fact, the difference between a contactless transaction and a PIN verified transaction will result in more sales. For example, is there evidence of consumers deciding not to proceed with a purchase if they are asked to input their PIN? In practice, does the time difference between a contactless transaction and a PIN enabled transaction result in lower productivity?
The FCA cites several other reasons for its decision to review the current limits:
The FCA also points out that contactless payment fraud (ie where a contactless card is lost or stolen and then used by someone other than the cardholder to pay for goods and services at a payment terminal) is currently a small part of overall payments fraud, and a relatively small part of unauthorised payment fraud. It refers to UK Finance’s Annual Fraud Report 2024, which found that fraudulent contactless spend totalled £41.5m in 2023, amounting to an increase of 19% on 2022. This was out of a total unauthorised fraud value of £708.7m in 2023. The UK Finance report also states that ‘recent rises in contactless fraud have been increasing at a much slower pace than the expansion in transactions volumes and values, and the fraud to turnover ratio for contactless fraud remains below that for unauthorised card fraud overall.’ What will be difficult to judge is whether any changes in approach will result in changes to this pattern of fraud. Whilst there is considerable stress within the engagement paper on firms taking a risk-based approach and on giving increased control to the consumer in setting their own limits, will this deter potential bad actors from targeting card theft in an environment where contactless transactions are subject to no or significantly higher limits?
There is a brief comparison of international regulatory approaches, with the FCA noting that several jurisdictions do not set regulatory limits and some opt for industry-led limits.
The FCA also sets out how this work fits in with its wider review of SCA in accordance with the 2024 National Payments Vision (NPV). The NPV reinforced the conclusions from the Future of Payments Review about the lack of flexibility of contactless limits as well as confirming the Government’s commitment to revoke the payments authentication regulations relating to SCA in the Payment Services Regulations 20217 (PSRs), enabling the FCA to incorporate aspects of the technical standards into its rules for more agile and outcomes-based rulemaking.
The FCA is considering prioritising reforms to the contactless payments exemption under its existing regulatory framework before considering wider SCA requirements. However, it confirms that it aims to replace the current prescriptive SCA regime, as and when legislation allows. In the meantime, any changes it might make to contactless limits in the short term will be considered in the context of future changes to the wider SCA framework.
The FCA thinks that the existing approach to contactless limits may not be the most effective for preventing fraud. Chapter 4 of the paper sets out a number of questions on specific aspects of how it might approach contactless limits in the future. It is looking for views on the following options for change (but also allows for the possibility of keeping things as they are):
There is some implication that this could be the FCA’s preferred option. It explains that a new risk-based exemption could enable firms to set their own contactless limits for in-person transactions, provided they can demonstrate low levels of unauthorised payments fraud (which the FCA would set reference rates for). It considers this could be a ‘more outcomes-focused approach to regulation’ by enabling firms to manage their fraud risks flexibly while ensuring that firms achieve low levels of fraud. It also points out that there is precedent for this approach within the existing SCA RTS, under the Article 18 risk-based exemption for remote electronic payments (eg online transactions) where a PSP has conducted transaction risk analysis (TRA) although, as noted above, the TRA operates on the basis of transaction limits which are currently £85 to £440 depending on the reference fraud rate.
The FCA suggests that, under a new risk-based exemption for in-person transactions, combined with the Consumer Duty (which requires firms to take into account the different financial objectives of their retail customers), a range of approaches to contactless limits could be delivered in the market. Although firms will bear the brunt of any fraud losses, whether all consumers will take comfort from a risk-based approach may be questioned as some may see the potential for large transactions to be made in a short space of time – even in circumstances where any losses will ultimately be met by the firm and/or the retailer – as a risk not worth taking, especially when they can use a more secure digital wallet.
Options here could include:
The FCA acknowledges that any changes to the limits themselves could create risks and it would need to assess any changes against the criteria in Regulation 106A of the PSRs. It suggests that one way to manage these risks might be to combine a higher single limit with a requirement to apply a risk-based approach.
The FCA is considering the relationship between the Consumer Duty and contactless limits, focusing on areas such as fraud prevention and catering to the needs of different groups of retail customers eg financially vulnerable or digitally excluded customers. If changes are made, firms will need to consider carefully how to deal with these customers. For example, defaulting to higher contactless limits may increase the risk of exploitation of some vulnerable customers in circumstances where the vulnerable customer is less able to set a lower limit.
The FCA suggests that with legislative change and wider reform of the SCA requirements in the longer term, it could seek to rely substantively on the Duty instead of setting bespoke rules for contactless limits. It wants to understand from stakeholder feedback whether it should prioritise change to contactless limits under the existing SCA framework or wait until there is wider legislative reform.
Although there is an implication that the FCA is keen on exploring a risk-based exemption for in-person transactions (see above), it makes it clear that it’s open to considering a range of options and their potential impacts. It emphasises that data and evidence will be ‘critical’ to informing its future policy approach, and encourages respondents to share any relevant data that might demonstrate the potential impacts of regulatory reform.
The FCA also asks whether there is still a benefit to separate exemptions based on use cases, such as the exemption in Article 12 of the SCA RTS for payments at unattended terminals for transport fares and parking fees.
The deadline for feedback on the engagement paper is 9 May 2025, with consultation on any revised standards, rules or guidance to follow.
Authored by Julie Patient and Virginia Montgomery.