According to Sweden’s central bank cash is only used for 20% of payments in shops.
Some shops, cafes and restaurants in Sweden have ceased to accept cash.
This trend has reached the UK. One café in London stopped accepting cash more than a year ago after its owner visited Sweden. According to Ross Brown, of Browns of Brockley, this means his business now works faster and is safer. No more frequent trips to the bank with cash, thereby saving time and a recent break in at the café resulted only in the theft of a laptop whereas thousands of pounds may have been lost if there had been cash on the premises. They are not alone. A growing number of small businesses in the UK are ditching cash.
A recent report by Forex Bonuses, a global trading website, found the U.K. is the third most cashless country in the world, after Canada and Sweden. Debit cards are forecast to overtake cash payments for the first time ever across the country this year, according to trade association U.K. Finance.
Contactless cards, however are not without their dangers for those using them, for the first time contactless fraud has overtaken cheque fraud, which totalled £9.8 million last year. While banks will refund any losses incurred after the card has been cancelled, there are alarming examples of contactless fraud, now the fastest growing area of card fraud in the UK.
One woman noted that purchases had been made on her card. The purchases, all made by someone else, added up to well over £100, but because they had all been under the contactless limit of £30, they had gone through — even though the card had been cancelled.
When she queried this with her bank, she learned that it was a ‘quirk’ of contactless technology. Incredibly, in a small number of cases, a cancelled card used to continue to function for a time and no one was exactly sure why.
The technology makes consumers vulnerable in several ways. Contactless has become the default for nearly all debit and most credit cards in Britain. In the space of three years the number of cards has doubled, from 59 million in the UK in 2015 to 119 million by the end of 2017.
The rise in contactless cards is welcomed by banks and retailers and by consumers too. It is so convenient to just tap the card without imputing a pin. For shopkeepers, there is evidence to say that consumers will spend a bit more because of the ease of purchase and bagging and counting cash and paying it into the bank is both cumbersome and expensive. But the rise in contactless has led to a relentless rise in contactless fraud.
Figures published this month show that losses climbed to £14 million last year, up from £6.9 million the previous year and £2.8 million in 2015, according to Financial Fraud Action UK.
UK Finance, which represents banks and card issuers and also runs Financial Fraud Action UK, says the statistic is to be expected. Fewer people are writing cheques and contactless is very popular. They add that contactless fraud is — in relative terms — a small problem.
Not so, say other financial experts. With £52 billion spent on contactless cards last year, they believe the official fraud figures are a significant underestimate.
Last month Victoria Cleland, chief cashier of the Bank of England, whose signature is on every banknote, said: “I do hear stories of friends — this is a personal anecdote, this isn’t the official Bank view — whose money has been taken off contactless when you walk past something.” She let it be known that she does not use contactless. She went on to say, “And it’s only up to £30. So, I use cash for lower transactions anyway and for big ones contactless wouldn’t work.”
So, can money be ‘taken off’ your contactless card by a ‘digital pickpocket’, standing beside you with a card reader? Some phones can double as a card reader, courtesy of an app called ‘credit card reader NFC’ and in theory at least it would seem quite easy.
To realise how, one needs to understand the technology behind contactless cards. When you tap one on a reader in a shop, or when you get on a bus, your card details are transferred to the reader wirelessly using a radio wave.
The banking industry insists that someone needs to be within two inches of the reader for it to work. But research challenges that claim.
In a study published in the Journal of Engineering in 2013, scientists at the University of Surrey said they had ‘successfully received contactless transmission from distances of 18 to 31 inches . . .’
So, anyone with a hand-held card reader — what waiters use when you pay your bill — could key in sums up to £30 and take money off your card by standing close to you.
In practice, however, nearly all experts say this sort of ‘digital pickpocketing’ is highly unlikely. That’s not because it’s not possible — simply that it’s likely that a criminal would be caught.
Katy Worobec, managing director of economic crime at UK Finance, explains that for someone to get hold of a ‘merchant’s terminal’ — the type of reader retailers use to take cash from your card — would require being registered as a retailer and going through security checks. And anyone who used such a device to steal cash would be traceable. “We have never seen an incident reported, where someone has lost money in that way,” she says.
But stealing cash from someone’s card contactlessly is not the only problem. The biggest threat to consumers is having their contactless card details ‘skimmed’ — when a fraudster doesn’t steal cash, but takes card details — using a simple bit of kit which you can buy, legally, for £20 on eBay. Or even simpler, downloading the app onto your mobile phone and using the phone as a card reader.
It works like this. The latest smartphones have contactless technology in-built so they can double up as contactless cards — so instead of tapping a card on a reader, we can tap our phones. But that same technology also means some phones can double as a card reader, courtesy of NFC credit card reader app It is completely legal and free.
Nigel Swabey, an entrepreneur who runs the mail order company, Scotts of Stow and has an interest in card fraud. believes contactless cards are skimmed on a regular basis — and card details sold to criminals, who use them to either clone a card or make fraudulent purchases.
Such is his concern — and seeing a marketing opportunity — he bought the European rights to an Australian-designed wallet, called Skim Guard, which has a chip embedded into it. It can tell if any device is trying to connect with the contactless cards inside the wallet and jam the signal.
Many other (usually simpler) protection wallets are available, and have been given out by Police Scotland at the Edinburgh Festival, while various councils, including St Albans, have issued them to residents.
The banks continue to dismiss such concerns and claim wallet manufacturers and retailers are just making it look worse than it is but what is not in doubt is that it requires only a very simple bit of kit to read the long card number and the expiry date off any contactless card if you are within a few inches of it.
The banks do concede this is a potential risk, but also maintain that having just the long card number and expiry date is pretty useless to criminals.
“While it may be possible to copy the information off the card, it doesn’t get you anywhere,” says Ms Worobec at UK Finance. “There are very limited circumstances you can use this in. Most retailers require the security, or CVV, number on the back.”
Yes, most online retailers insist you give the CVV code — the three-digit security code on the back of the card which can’t be read by a skimmer.
But not all do — including the UK’s fifth largest retailer, Amazon. You can type in any name and address, provide the long card number and expiry date of a card and buy something of any value — well over £30. The retailer does not necessarily cross-reference the card number with any billing address. Similarly, many non-UK websites do not ask for a CVV.
In a 2015 investigation consumer organisation Which? used a simple card-reading device to skim details off ten cards.
Not everyone thinks the U.K. is set to become a cashless society, however. Graham Mott is head of strategy at LINK, which connects 70,000 ATMs across the U.K. He said 2.7 million people across the country, which has a population of 65 million, still rely exclusively on cash payments.
“It’s going to be a long long time before cash disappears,” Mott said. “From a business perspective, there’s a long way for ATMs to go.”
Data shows low-income and elderly households are some of the most frequent cash users. Mott said LINK’s job is to ensure that cash users across the country still have access to ATMs even as digital payments increase.
“Cash is a very emotional thing,” Mott said. “People like the feel of the cash. It enables them to feel secure.”
Whilst cash may not disappear in the foreseeable future, there is no doubt that technology is racing ahead in payments systems. There are many who believe a cashless society is just around the corner. Carrying cash is not without its safety issues either and very few people or even businesses use chequebooks any more. With new accounting software, such as Xero, synched to business bank accounts, most businesses use such a payment system for bills and for invoicing, saving time and money. Companies like PayPal have made it far more easy and safer to buy goods and pay bills online. Only time will tell, but it is unlikely that the convenience contactless payment affords to all will be stopped by the threat of having your card skimmed.