Anti-fraud specialist SmartSearch has issued a warning following the introduction of new rules that allow banks and payment providers with strong fraud controls to set their own contactless card limits.
Although most major UK banks have confirmed they will maintain the existing £100 limit for now, the new regulatory flexibility leaves the door open to higher limits — or even their removal entirely — in the future. SmartSearch cautions that while the changes are intended to foster innovation and improve consumer convenience, they could significantly increase the potential value of fraud if vulnerabilities earlier in the customer journey remain unaddressed.
The company argues that the ongoing debate around contactless transaction limits risks diverting attention from where much of the fraud actually originates: the account opening stage. Criminals are increasingly exploiting synthetic or stolen identities to open legitimate accounts and obtain genuine payment cards, which are subsequently used to carry out fraudulent transactions.
As contactless payments continue to dominate consumer spending and limits edge higher, each successfully created fraudulent identity becomes more financially lucrative. SmartSearch stresses that without robust identity verification at onboarding, financial institutions may be inadvertently enabling fraud long before a single payment is ever processed.
In response, the firm is urging banks to bolster their onboarding processes with advanced identity verification measures. These include biometric liveness detection to counter deepfake technology, document authentication to flag forged identification, and comprehensive sanctions and politically exposed persons (PEP) screening. SmartSearch also highlights mounting concerns around relay attacks — where criminals intercept and amplify card signals to execute unauthorised payments. While higher contactless limits increase the potential returns from such attacks, the root cause, it argues, remains the same: inadequate verification of who is accessing financial services in the first place.
SmartSearch CEO Phil Cotter said, “The debate around contactless limits is important, but it risks missing where much of the fraud actually begins. With contactless fraud already rising, higher limits could increase losses, but the real vulnerability often starts at account opening, where fraudsters use synthetic or stolen identities to obtain legitimate cards.
“Banks need to look beyond transaction monitoring and strengthen onboarding with robust identity verification, including biometric checks, document authentication and screening. If you get that foundation right, higher contactless limits become far more manageable, even as risks like relay attacks grow.
“Customers can also take simple steps to protect themselves, such as setting their own lower contactless limits through their banking app and enabling transaction alerts to stay in control.”
Copyright © 2026 RegTech Analyst
Copyright © 2018 RegTech Analyst
