Contactless over £30

I was in a Simply M&S and old habits die hard so when it came to pay and my total was ~£52 I tapped my card on the reader. The cashier reminded me its over £30 and I felt like a bit of an idiot and got ready to insert my card when to my amazement she said it was approved and it just wanted a signature.

Now I don’t know much about the limit and I think its great because I’m always doing this but I thought it was UK regulation that it had to be £30 max. Is that not the case?

I had my phone in my pocket did you see the proximity and trust it?

What are the rules regarding contactless payment and maximum amounts with my Monzo card?

weird, even on MasterCard’s website it says it’s £30 or below

To ensure that using contactless is as simple and convenient as cash, retailers that accept contactless cards do not require you to sign for small purchases (£30 or below).

I know Apple pay can do over £30 but that should be irrelevant in this case
hopefully, someone at monzo can clear this up

Hmm, this shouldn’t be possible on our cards. Get in touch if you would like us to investigate.

Let me explain a bit of what’s going on behind the scenes though.

Contactless is just a method of the card communicating with the terminal. Normally, contactless does not require what’s called a CVM (Cardholder Verification Method).

CVMs are things like signatures, PINs, and so on. They’re used to verify that the person who is currently using the card is authorised to do so. To make contactless quicker and more effortless, it does not require CVM. As an issuer of cards, by not verifying the user of the card, you open yourself up to huge fraud potential so a limit of £20, then £30 was chosen in the UK to limit the damage that can be done with a lost card.

That’s not to say that this is a hard limit, but just what has been chosen in the UK. You will find that this limit does change a bit across the world. To go higher than the limit, a form of CVM is generally required (if supported, instant decline otherwise).

Enter, CDCVM (Consumer Device Cardholder Verification Method), a form of CVM where your device verifies you using some form of PIN, password, fingerprint, iris scan, facial recognition, etc. This is used in all the major mobile payment systems to allow you to make purchases for more than £30 over contactless at merchants who support it (most of them do nowadays).

In some countries, you may see contactless and PIN. This is where you tap your card, then the terminal requests a PIN before taking it to the card issuer to approve it.

Contactless and signature is possible but when PINs exist, we’re struggling to think of why this would be chosen. Misconfigured terminals maybe?

Does this mean that could raise their limit as the fraud potential is lower because we can insta-freeze the cards?

I have also by mistake done a higher value contactless transaction in M&S with another bank’s card and it also went thru.

Is it the same with some parking and vending machines where you introduce card (chip) but don’t type pin (some don’t even have keypads)? Is it same principle than contactless? Is it safe to say that lower value transactions do not require CVM but higher value transactions do, regardless of processing method?

To me if feels that the association between chip+pin and contactless+no-pin is more of an assumed learned behaviour than actual standard/legislation. Feels the equivalent of people still adamantly requesting you sign receipt even though receipt itself says “authorised by chip and pin, no signature required”

If not, why is contactless assumed OK with lower values but not chip? And the reverse of that, why would contactless+pin be any worse than chip+pin?

If I’m not wrong I paid using contactless using my Santander card for M&S and the bill was £32. Didn’t think much of it since it wasn’t massively over £30.

I think you have the right idea there, though it is highly in the merchant’s interest to match what the bank says.

It sounds like M&S have set themselves higher limits than what is normally agreed on. That’s partially on them to decide how much risk they will take on when transactions are above what the bank is prepared to cover.

I’m also pretty sure I’ve gone way over £30 on a contactless transaction and had it approved.

Maybe merchants just aren’t that careful?

This is used by Santander in some ATMs. You tap your card, enter your PIN and withdraw cash as normal. Great peace of mind if your concerned your card might get eaten by the machine!

Hmm, Nationwide allows Android pay use over £30, it asks for confirmation with PIN or fingerprint. That said, I haven’t used it and I’m not sure if I would use contactless for large amounts.

Some companies have chosen a higher limit. Apple for example has no limits

I had this very same thing happen in M&S.

This topic was automatically closed 180 days after the last reply. New replies are no longer allowed.

Yes and No.
In Great Britain and Northern Ireland the limit for Mastercard PayPass transactions is £30, but if you go to another country the limit will not be £30 converted into local currency, it will be whatever the national limit is in that country. For example it may be €25 (which is less than £30).

There’s no such limit (anywhere that I know), there’s a CVM waiver limit, but not an absolute limit. I could have swore you reported success using Monzo for over £30 (with successful CVM processing). If it wasn’t you… someone did, and I got very confused.

Yes I have used contactless in the UK for over £30 (where a petrol station in Chelmsford does not apply the £30 limit and instead accepts contactless and signature above £30) but each country does have a floor limit such as £30 which they promote to the public and stores use by default. Quite how many stores ignore it and exceed it I have not seen data on that.

The limit is for not completing CVM processing, your transactions weren’t no CVM, were they? If not, they didn’t ignore it. High value is contactless over the CVM limit, and not everywhere supports that - but it’s totally valid to do so (though many banks will decline if the CVM used is signature).

Also, a ‘floor limit’ is the amount that can be authorised offline. For Monzo, this is (normally) £0.

P.S. I don’t remember when, but I do believe there is a Mastercard requirement coming that all shops must support high value contactless pretty soon.

I bow to your greater knowledge of this field and it’s terminology.

I only used the expression floor limit as that was the term wrongly used on Wikipaedia to describe the national limits in each country.

As for my experience (I knew not if CVM was involved) I found a merchant that took contactless cards without pin or signature £30 or less but contactless card and signature OR chip and pin above £30. I wondered why it did to have contactless and pin

When contactless was first introduced, the no CVM limits and floor limits matched, but as the no CVM amount got higher, the floor limit often didn’t.

And yup, if you were asked for a signature, then signature CVM was selected. Thus making it a valid enough ‘high value contactless’ transaction. I say ‘valid enough’ because I’m surprised Monzo didn’t decline it, preferring you to insert and use offline PIN.

As for the reason contactless chip and PIN wasn’t used, it’s because the terminal didn’t support online PIN CVM. It only supported offline PIN (there’s technically two types, but that’s irrelevant to this), signature and no CVM.

Following Monzo’s CVM list on the contactless interface, online PIN is first priority, and since that wasn’t supported, it fell back to signature.

Offline PIN is not a valid CVM for contactless for obvious reasons (the card is no longer present after you enter the PIN to check it’s right).

I do find Monzo approving signature CVM for contactless transactions in the UK (I’d expect them to be approved in the US, for example) to be slightly odd, as I’d think they’d prefer you to use contact + PIN. But I’m no security expert.