FCA consultation on contactless limits:
Strategic implications for payments leaders

13 November 2025
by Payments Intelligence

Insight summary

Finding: The FCA’s proposal to remove contactless payment limits could reshape fraud monitoring and customer authentication from 2026.
Why it matters: It offers PSPs flexibility but demands stronger internal fraud controls and greater Consumer Duty accountability.
Who’s affected: Banks, PSPs, merchants, and payment tech providers should prepare to recalibrate transaction risk models and authentication flows.

Introduction

The Financial Conduct Authority (FCA) is consulting on proposals to remove prescriptive limits on contactless transactions, replacing them with a risk-based framework that gives payment service providers (PSPs) discretion to set their own thresholds. The move would represent a significant shift in how UK firms balance convenience, innovation, and fraud prevention in everyday payments.

For leaders across the payments ecosystem — from banks and PSPs to acquirers, fintechs and merchants — this marks a turning point in how regulatory oversight interacts with operational risk and customer experience. Firms should begin reviewing transaction monitoring, fraud controls, and consumer duty compliance ahead of expected implementation in 2026.

Industry impact at a glance

Payment system providers (PSPs)

Opportunity to innovate risk-based authentication while aligning with FCA principles.

For merchants

Expect closer dialogue with acquirers as authentication becomes more flexible.

For banks

Review fraud-detection metrics and Consumer Duty evidence ahead of rule changes.

Background: The current regulatory framework

Currently, the FCA enforces limits on contactless payments through an exemption within the strong customer authentication regulatory technical standards (SCA-RTS). Article 11 of the SCA-RTS stipulates that:

A single contactless transaction may not exceed £100.
The cumulative total of contactless payments, or the number of consecutive transactions without authentication, cannot exceed £300 or five transactions, respectively, before strong customer authentication (SCA) is required.

These limits are embedded in the Payment Services Regulations 2017 (PSRs) and enforce a balance between low-friction transactions and consumer protection. In practice, most UK banks and PSPs align their internal limits with these regulatory standards, although individual customers may set lower personal thresholds.

The current exemption primarily exists to mitigate fraud risks while maintaining the convenience of contactless payments, which constitute a growing proportion of in-person retail transactions. According to UK Finance, in 2024, over 90% of contactless transactions were below £50, and 82% below £25, underscoring the small-value nature of most contactless payments.

Year	Regulatory milestone	Outcome
2017	Payment Services Regulations (PSRs) introduced fixed SCA thresholds.	£100 cap per transaction; £300 cumulative limit.
2020–21	Post-pandemic review of contactless limits (£45→£100).	Consumer adoption of contactless accelerated.
2024	Prime Minister request for review of contactless rules.	Push to align regulation with innovation and growth.
2025	FCA Consultation CP25/24 launched.	Proposal to remove prescriptive limits.
2026 (expected)	Implementation of risk-based model.	PSPs to set limits based on transaction risk.

Card fraud value by value band (2024)

Source: Quarterly Consultation CP25/24

The FCA’s strategic review and consultation

The impetus for regulatory change stems from a request by Sir Kia Stamer, Prime Minister in 2024, that the FCA enhance regulation in a manner supportive of economic growth. In January 2025, the FCA outlined potential steps, including reviewing contactless payment limits, to foster innovation and flexibility within the payments sector.

By March 2025, the FCA published an engagement paper seeking feedback from over 1,250 public respondents and 30 corporate stakeholders, including PSPs, industry bodies, and consumer advocacy groups. Roundtable discussions also engaged stakeholders from the payments, open banking, and retail sectors. Feedback covered five broad policy options:

Introduce a new risk-based exemption for in-person transactions.
Amend the existing contactless limits, including single, cumulative, or consecutive thresholds.
Rely on the consumer duty to guide contactless limits following legislative change.
Maintain the status quo, keeping the current limits.
Consider any alternative options not raised in the engagement paper.

The FCA has now proposed that article 11 be amended to provide PSPs the discretion to process contactless payments where the transaction is identified as low risk, effectively removing prescriptive regulatory limits while maintaining oversight through risk monitoring and the consumer duty.

Global context: how the UK approach compares

While the UK’s proposed model moves toward risk-based discretion, most EU and international frameworks still rely on prescriptive limits under the second Payment Services Directive (PSD2) and its forthcoming successor, PSD3.

For example, EU rules continue to cap contactless transactions at €50 with cumulative thresholds of €150 before strong customer authentication (SCA) applies. The European Banking Authority’s approach prioritises harmonisation and consumer protection over national flexibility.

By contrast, the UK’s proposed system gives PSPs autonomy to define internal limits based on real-time fraud risk — more aligned with outcomes-based regulation seen in markets like Australia and Singapore.

This divergence means multinational PSPs and acquirers may need to maintain separate transaction policies for EU and UK operations, with added operational complexity for cross-border merchants.

Proposed risk-based exemption

The core of the FCA’s proposal is a shift from fixed limits to a risk-based exemption.

Under the new framework:

PSPs may process contactless payments without SCA where the transaction risk is assessed to be low.

PSPs retain the ability to set or maintain their own internal limits, including levels currently in place.

Supervisory monitoring will continue, including tracking fraud levels through REP017 Payments Fraud Reports and other FCA data source

This approach aligns with the FCA’s 2025-2030 strategic priorities of becoming a smarter regulator, supporting growth and innovation, and safeguarding consumer outcomes.

Data insights and industry feedback

The engagement revealed nuanced views across stakeholders:

Public sentiment: 78% of consumers surveyed in the engagement paper supported maintaining the £100 single limit in the short term, citing concerns over fraud and vulnerability.
Industry sentiment: 56% of PSPs preferred no immediate change to the limits, while 20% supported modifying the thresholds. Most respondents emphasised that short-term limits remain appropriate but welcomed longer-term flexibility, particularly for cumulative and consecutive limits.

`Fraud data underpins much of the discussion. UK Finance estimates that contactless fraud is currently 1.3p per £100, significantly lower than the 6p per £100 observed for all unauthorised card fraud.

While the majority of fraud occurs above the current £100 single limit, digital wallets without limits have a higher incidence of fraud than contactless cards. These figures highlight the risk-mitigation incentives PSPs already have, as they remain liable for reimbursing unauthorised payments under the PSRs.

The core of the FCA’s proposal is a shift from fixed limits to a risk-based exemption.

Under the new framework:

PSPs may process contactless payments without SCA where the transaction risk is assessed to be low.

PSPs retain the ability to set or maintain their own internal limits, including levels currently in place.

Supervisory monitoring will continue, including tracking fraud levels through REP017 Payments Fraud Reports and other FCA data source

This approach aligns with the FCA’s 2025-2030 strategic priorities of becoming a smarter regulator, supporting growth and innovation, and safeguarding consumer outcomes.

Industry voices

"Making a payment with a contactless card is quick, easy and secure—76% of people already do so at least once a month. Our proposals will provide a flexible, risk-based framework for banks and payment firms, maintaining strong consumer protection and ensuring there is scope to adapt to future technological developments. Many providers already allow customers to set their own contactless limits."

"The FCA's proposal to remove the £100 contactless payment cap is timely, but it must be paired with robust, real-time fraud prevention measures. In the UK, synthetic identity document fraud in financial services increased by 21% year-on-year, reiterating the need for stronger safeguards. Without adaptive verification systems and continuous monitoring, PSPs risk exposing consumers to increasingly sophisticated fraud tactics. A proactive, risk-based approach is essential to maintain trust and compliance."

"For those using phones to make payments, we live with no cap, yet many who rely on physical cards worry about loss or theft. However, with sophisticated fraud solutions available in the market, cardholders should feel protected and can set their own limits. Ultimately, it comes down to educating cardholders about their options and empowering informed decisions — critical to building consumer trust in the evolving payments ecosystem."

"By removing the £100 contactless limit, the FCA is pushing risk ownership back to issuers and acquirers. Now, firms must decide, in real-time, how much trust to extend with every tap. That rewards institutions with mature fraud and data infrastructure, and exposes those still dependent on fixed thresholds or legacy rule engines. The winners will be the ones who can analyse device and behavioural signals on the fly, spot anomalies, and adapt their controls automatically as patterns change. If you're not leveraging modern tools like machine learning and AI, you're really at a disadvantage."

"The FCA's shift from prescriptive £100 contactless limits to risk-based thresholds promises flexibility but risks confusing consumers when issuers and acquirers inevitably adopt different limits. With fraud at just 1.3p per £100—well below overall rates—raising limits seems justified, yet a consistent national ceiling would preserve confidence. Nobody wants checkout declines or confusion. A staged crawl-walk-run approach, monitoring fraud at each increase, surely beats the proposed free-for-all that risks fragmentation of the market."

"Contactless is ubiquitous. Over time, it would be natural to reconsider the value that should trigger a PIN-entry to seek an individual’s transaction authorisation. However, feedback from both consumers and issuers suggests that fraud and vulnerability weigh heavily. In addition, these proposals may result in widely varying consumer experiences, which would probably result in widespread confusion among merchants and cardholders alike. These are changes not to be undertaken lightly!"

Implications for PSPs

For PSPs and financial institutions, the proposed framework offers strategic flexibility:

Operational optimisation: PSPs can now align limits with their internal fraud models and customer usage patterns. Transaction risk assessment may consider factors such as payer behaviour, location, and historical spending patterns.
Innovation enablement: By removing prescriptive thresholds, firms may deploy advanced fraud detection systems, integrate digital wallets, and explore account-to-account in-person payments.
Customer-centric strategy: Firms may enable consumers to set personal limits or opt out of contactless entirely, supporting compliance with the consumer duty and delivering tailored customer outcomes.
Risk management: While limits are discretionary, PSPs must continue to monitor low-risk transactions and maintain robust SCA processes where fraud risk is elevated.

The FCA emphasises that firms will likely maintain current limits in the short term, given technical challenges in updating point-of-sale terminals and limited appetite for increasing thresholds. Moreover, the majority of transactions fall well below £50, indicating minimal immediate operational disruption.

Market and economic considerations

The FCA positions this reform as a mechanism to support economic growth and competitiveness:

The exemption allows PSPs to respond to inflationary pressures and evolving consumer spending behaviour.
By fostering innovation, the framework aligns with the FCA’s secondary objective of promoting growth and UK competitiveness, particularly as digital wallets and mobile payments gain traction. In 2024, 57% of UK adults were registered for at least one mobile payment service, up from 42% in 2023, reflecting a significant shift towards digital, tap-and-go payment methods.
The risk-based model maintains low friction at points of sale, supporting retail efficiency and potentially increasing transaction volume.

The FCA estimates that increasing both single and cumulative limits to £150 and £450, respectively, could increase annual fraud by £31.3 million over three years, a 131% increase relative to current contactless fraud rates. However, this represents a worst-case scenario and is mitigated by PSP liability, transaction monitoring, and the consumer duty. The FCA considers this risk unlikely to materialise given current PSP incentives, technological advances in fraud detection, and evolving payment patterns.

Equality, accessibility, and consumer protection

The FCA has carefully considered the impact of removing prescriptive contactless limits on consumers with protected characteristics. Respondents highlighted potential concerns for older adults, those with disabilities, and vulnerable populations, who might face higher fraud risks or accessibility challenges.

The proposed guidance underscores that PSPs should:

Consider consumer needs, particularly for those with low vision, mobility issues, or other accessibility challenges.
Allow customers to set individual personal limits, delivering better outcomes and mitigating potential risks.
Maintain monitoring and fraud prevention mechanisms to safeguard all users.

This approach ensures that consumer duty obligations remain central while allowing firms the flexibility to innovate.

Technical and regulatory implementation

The FCA plans to implement the new risk-based exemption immediately upon publication of final rules and guidance. Key points include:

Amendments to Article 11 of the SCA-RTS: PSPs can exempt low-risk contactless transactions from SCA.
Minor updates to guidance in chapter 20 of the approach document: outlining risk assessment, limit-setting discretion, and consumer duty compliance.
Retention of article 12 exemption for ticket gates and unattended terminals, recognising operational constraints.
Supervisory monitoring through REP017 payments fraud reports and other data sources.

The FCA also anticipates minimal costs for PSPs, given the likely retention of existing limits in the short term and the incremental nature of potential technical updates.

Strategic recommendations for payments leaders

For senior payments executives, the FCA’s proposals create both opportunities and responsibilities:

Leverage data-driven risk models: Use transaction-level data, behavioural analytics, and location intelligence to dynamically assess low-risk transactions.
Maintain fraud oversight: Even with flexible limits, PSPs are liable for unauthorised payments and must maintain robust monitoring to comply with PSRs.
Enable consumer choice: Consider offering customers personalisation of contactless limits, improving satisfaction and demonstrating compliance with consumer duty.
Explore innovation: Use the regulatory flexibility to develop new in-person payment methods, integrating digital wallets, wearables, and potentially account-to-account payments.
Monitor market developments: Track digital wallet adoption, inflation trends, and changes in transaction sizes to optimise operational and fraud strategies.