• Mark Andreev, COO at Exactly.com


• 06.02.2026 02:00 pm
#ContactlessPayments #FintechInsights

As 2025 drew to a close, the UK’s Financial Conduct Authority (FCA) announced its plan to remove the £100 contactless payment limit, marking a turning point for the industry. From March 2026, banks will be able to set their own limits for customers, allowing for higher or even unlimited contactless transactions, much like digital wallets. The move aims to reflect evolving customer expectations for greater flexibility and convenience. 

As convenience increases, understanding the trust and security implications of this regulatory change becomes critical. What will be the new requirements to retain customer trust in an era of frictionless payments? 

Market context  

Over the past decade, contactless payments have transformed consumer behaviour. According to compiled industry statistics, adoption has surged globally, with 86% of consumers now using contactless payments (Gitnux, 2025). In the UK, the change has been even more dramatic. A recent Statista report showed that by 2025, adults averaged 14 contactless transactions per month, a sharp increase from just two per month in 2015. This trajectory highlights how quickly tap-to-pay has become the default at checkout.

At the same time, digital wallets have already moved beyond the £100 limit, with biometric authentication enabling high‑value tap payments on Apple Pay and Google Pay – a capability now widely accepted across UK merchants. 

The FCA’s decision to remove the cap brings card-based contactless payments in line with the behaviour of mobile wallets, aligning regulations with modern consumer habits. This raises an important question about how this development will interact with broader regulatory shifts reshaping payments.

Physical cards are now beginning to behave more like digital wallets – they're offering higher limits, faster flows and fewer friction points – fundamentally realigning where operational responsibility sits within the ecosystem. 

The regulatory landscape 

As the payments industry accelerates toward a frictionless future, banks face mounting pressure to innovate while navigating an increasingly complex regulatory environment. The push for faster, more seamless payments is reshaping both consumer expectations and the nature of financial crime, forcing regulators to rethink how risk is controlled.

The decision to remove the £100 contactless cap exemplifies this shift. Higher limits increase the value at risk per transaction and amplify the impact of lost or stolen cards and account takeover. What was once a capped risk is now becoming a broader security challenge that cannot be addressed through fixed limits alone. 

The FCA has acknowledged this trade‑off, estimating that lifting contactless limits could result in up to a 131% increase in contactless fraud (IBS intelligence 2025), as criminal behaviour adapts to fewer transaction constraints. Banks must therefore rely more heavily on real‑time fraud detection. 

This change in risk profile helps explain why PSD3 has emerged as a critical regulatory counterbalance. 

PSD3, or the Third Payment Services Directive, is the EU’s next major update to PSD2 and is accompanied by a new Payment Services Regulation (PSR). Announced in June 2023, the package is designed to modernise digital payments, strengthen fraud prevention and reinforce consumer protection while fostering competition. PSD3 builds on the foundations of PSD2, including Open Banking (OB) and strong customer authentication, by closing security and liability gaps that become more pronounced as payment experiences grow faster and become less restricted. 

A central pillar of PSD3 is the reinforcement of security obligations for payment service providers. As transaction values increase and payments become more frictionless, PSD3 and the PSR tighten fraud monitoring requirements, refine authentication frameworks, and clarify responsibility for reimbursement in fraud cases. Rather than relying on preventative caps, the regulation places greater emphasis on intelligence-led and holistic safeguards that allow higher-value payments to operate securely while maintaining consumer trust.

In this context, the FCA’s decision to lift the contactless limit can be seen as complementary rather than contradictory to PSD3. While the removal of the cap increases flexibility and convenience, PSD3 provides the regulatory infrastructure that makes this increased exposure manageable. Together, they signal a broader move away from prescriptive controls and toward risk‑based payment security, where firms are expected to assess and manage fraud rather than rely on fixed thresholds. 

This evolution also reshapes competition within the payment ecosystem. Just as PSD3 aims to level the playing field by granting non‑bank payment providers fairer access to payment systems, the removal of the contactless limit allows fintech companies to differentiate through smarter spending controls, real‑time alerts and advanced risk management tools. For established banks, the message is clear: innovation must be underpinned by demonstrably stronger security capabilities, or they risk falling behind more agile competitors. 

The new challenge: scaling trust in a frictionless payments world 

The removal of the contactless payment cap marks more than just a technical leap; it underscores a broader transformation in consumer expectations, which now require payments to be quick and effortless. Tap-and-go transactions are increasingly becoming the default, and recent analysis from The Business Research Company (2025) forecasts that the contactless payment market will grow from $69.7 billion in 2025 to $140.55 billion in 2029, a 19.2% CAGR that highlights how deeply consumer behaviour is changing.

As tap-to-pay transactions become higher-value, banks must ensure that trust grows alongside convenience. With banks now determining their own contactless limits and assuming greater responsibility for managing risk and reimbursing customers in cases of fraud, this shift raises important questions about the security implications of higher or unlimited contactless payments and how effectively customers will be protected.

Biometric-authenticated transactions and digital wallet payments sit largely outside these constraints, as strong customer authentication is built into the payment flow by design. Physical card payments, however, remain subject to the FCA’s contactless rules, with customers protected against fraud and reimbursed provided they were not grossly negligent and reported losses promptly. As higher contactless limits come into effect, banks and payment providers are under pressure to strengthen fraud controls, while also giving consumers clearer and more transparent ways to manage their own risk - such as setting personal contactless limits or disabling contactless on physical cards altogether.

The parallel between frictionless payments and frictionless trust  

As payment efficiency advances and becomes increasingly invisible to the user, trust must follow the same path. Removing fixed contactless limits represents a broader move from strict controls toward a system capable of intelligently managing risk. In this environment, the challenge for banks not only lies in enabling frictionless transactions but also making sure that protections are equally seamless. 

When security is built in from the start, rather than pushed onto customers, it strengthens confidence without compromising convenience. Those best positioned for the next phase of payments will see frictionless trust as inseparable from frictionless payments, not something to fix once growth is already underway.