Fraud spike forces bus company to ban online banks and cut mobile contactless limits

It would intresting to learn how the fraudesters are taking advantage of vulernabilites in contactless machines.

I'd like to learn more about this. If people are clever enough to run this fraud, why waste their brainpower on stealing a few free bus journeys. There are fatter targets availabe.

Probably cloned cards  sold for £100 each  - not a bad deal for copy-paste 

You can't easily clone contactless cards. This fraud likely does not require genius... Some bus companies are not using GSM POS so don't process payments until they're at the depot. This means they'll authorise a payment but not actually check the funds are there. As Revolut and Monzo are pre-pay, and don't offer any form of overdraft, it's quite easy to get a card then zero the acount but still hold a valid card with an approval limit only set by the POS. Hence, buying a high-value seasonal ticket on the card is authorised at point of sale, and the season-ticket issued, without there actually being any funds on the card used to pay with... As a scammer, you'll not get rich doing this but it is a fairly easy fraud. This is the same reason pre-paid cards like Revolut are not authorised on flights, or ferries etc.. It was all too easy for fraudsters to buy loads of tat from the onboard duty free without ever having to pay for it.

As a solution, the bus company needs to either upgrade their POS to GSM units (which will add 10-15 seconds in the authorisation process...) or block pre-paid cards, or even just block them only for higher-value transactions which is a middle-ground.

thanks Jim - that was a very useful update - i was familiar with the Airline duty free issue - didnt realise this was the Bus issue -  seems shortsighted not to include an auth capability - but the additional 10-15 second wait could put a huge dent in timetables if bus needs to onboard 20 passengers