Anti-fraud specialist SmartSearch has issued a warning following the introduction of new rules that allow banks and payment providers with strong fraud controls to set their own contactless card limits.
Although most major UK banks have confirmed they will maintain the existing £100 limit for the time being, the regulatory shift opens the door to higher limits — or even their removal — in the future. SmartSearch cautions that while the changes are intended to drive innovation and improve consumer convenience, they could also amplify the potential scale of fraud if vulnerabilities earlier in the customer journey are left unaddressed.
The company argues that the broader debate around contactless transaction limits risks overlooking where a significant proportion of fraud actually originates: at the point of account opening. Criminals are increasingly exploiting synthetic or stolen identities to open legitimate accounts and obtain genuine payment cards, which are then used to carry out fraudulent transactions.
As contactless payments continue to dominate consumer spending and limits potentially increase, each successfully created fraudulent identity becomes more valuable to bad actors. SmartSearch stresses that without robust identity verification at the onboarding stage, financial institutions may be inadvertently enabling fraud long before any payment is ever processed.
The firm is calling on banks to bolster their onboarding processes with advanced identity verification measures. These include biometric liveness detection to counter deepfake technology, document authentication to identify forged identification, and comprehensive sanctions and politically exposed person (PEP) screening. SmartSearch also highlights mounting concerns around relay attacks — where criminals intercept and amplify card signals to execute unauthorised payments — noting that higher contactless limits would increase the potential returns from such schemes, even though the root cause remains weak verification of who is accessing financial services.
SmartSearch CEO Phil Cotter said, “The debate around contactless limits is important, but it risks missing where much of the fraud actually begins. With contactless fraud already rising, higher limits could increase losses, but the real vulnerability often starts at account opening, where fraudsters use synthetic or stolen identities to obtain legitimate cards.
“Banks need to look beyond transaction monitoring and strengthen onboarding with robust identity verification, including biometric checks, document authentication and screening. If you get that foundation right, higher contactless limits become far more manageable, even as risks like relay attacks grow.
“Customers can also take simple steps to protect themselves, such as setting their own lower contactless limits through their banking app and enabling transaction alerts to stay in control.”
Copyright © 2026 FinTech Global
