By Philip Plambeck, Managing Director UK, Computop
The UK’s Financial Conduct Authority (FCA) is reviewing its rules around contactless payments in a move that could dramatically reshape the way UK consumers make everyday purchases. Among the proposals under consideration is the removal, or significant increase, of the current £100 cap on contactless transactions. While the initiative is part of a broader regulatory rethink aimed at driving economic growth and enhancing consumer flexibility, it has raised serious concerns among payment professionals and cybersecurity experts about the potential for increased fraud.
The FCA’s Proposals
The FCA’s proposal is one of approximately 50 measures introduced this year in support of the UK’s economic “Plan for Change.” Earlier this year, the FCA outlined its intent to modernise payment regulations to encourage innovation and reduce friction for consumers and businesses.
Currently, contactless card transactions in the UK are subject to a £100 cap. Any payment above that amount typically requires either chip-and-PIN entry or some form of Secure Customer Authentication (SCA). The FCA is now exploring whether this ceiling can be raised—or even eliminated—entirely.
One option involves allowing firms that implement strong anti-fraud technology to set their own transaction limits, a model inspired by practices in the United States. This would remove prescriptive regulation and shift the focus toward outcome-based oversight, particularly under the FCA’s Consumer Duty framework, which mandates good outcomes for customers.
There is strong reasoning behind this because, according to the FCA, 85% of people in the UK make contactless card payments each month.
Supporters for change argue that a relaxation of the limit would allow for quicker transactions, greater consumer convenience, and a better shopping experience—especially in high-turnover retail environments. The move has general government support, being in line with its efforts to stimulate growth.
Payment Industry Pushback
Despite the potential economic and convenience benefits, the proposal is not without its critics, or risks. Payment service providers (PSPs), including secure payment technology firms like Computop, are concerned that loosening these safeguards could backfire.
One of the primary concerns centres on the technological disparity between contactless cards and digital wallets. While digital wallets—such as Apple Pay or Google Pay—are equipped with built-in SCA, the Customer Device Cardholder Verification Method (CDCVM). Contactless cards, by contrast, simply transmit payment data, with no real-time verification of the cardholder’s identity.
Many PSPs would argue that if the limit is waived, it will be easier to commit fraud by just tapping the card. This vulnerability becomes particularly acute in cases where cards are lost or stolen, as unauthorised users could potentially make high-value purchases with no barriers. Of course, while existing regulation requires firms to reimburse customers for unauthorised payments, they could instead hand over the responsibility for turning off contactless functionality to customers. While this might be a useful feature in ‘risky’ locations such as bars or even retail, it may prove unpopular as soon as a consumer wants the convenience of paying contactlessly on public transport. It also adds to the already onerous administrative burden and stress caused by fraud cases.
Added to this, critics question whether the financial sector—particularly banks that bear the liability for fraudulent transactions—truly supports the FCA’s direction. Many industry voices believe that stepping away from SCA, a regulatory tool introduced precisely to combat fraud, undermines the broader integrity of the UK’s payment infrastructure.
Regulations have been put in place for a reason. Secure Customer Authentication is a cornerstone of safe payments. Removing it—or weakening its implementation—runs counter to the goal of protecting consumers, even if it offers marginal gains in convenience.
Balancing innovation with security
At the heart of the debate lies a fundamental tension between innovation and security. The FCA’s proposal aims to modernise the UK payments system to keep pace with evolving consumer expectations and international competitors. But critics warn that such changes must not come at the expense of safety and trust.
There is consensus, even among sceptics, that the contactless experience could be made more seamless. However, they argue that this should be achieved not by eliminating authentication, but by investing in technologies that preserve or enhance security. Tokenisation, biometric verification, and real-time fraud detection are all alternatives that offer the convenience consumers demand without sacrificing the safeguards that SCA provides.
We would advocate for a more nuanced approach—updating payment infrastructure to accommodate innovative authentication techniques, rather than simply removing existing limits. By doing so, the UK could maintain its strong record on fraud prevention while still embracing the benefits of modern digital commerce.
The Road Ahead
The FCA’s consultation period on the matter closed on 9 May 2025, and the regulator pledged that it would closely examine feedback from all stakeholders, including merchants, consumers, and payment service providers. Whatever decision is ultimately made it will shape the UK’s retail and digital payment landscape for years to come but will it also shake the security-first ethos that has long underpinned its financial system.
