Contactless debit cards are widely used in the UK, slowly becoming popular in other countries as well. The feature that distinguishes these cards from regular ones is that they can be used without entering a
PIN if the transaction amount is below a predetermined limit.
This is undeniably convenient, but introduces a risk:
cards could be lost or stolen, and the new holder could make purchases without providing a PIN. European banking regulations (PSD2) mandate that customers be fully refunded by their banks in these cases (as long as no negligence can be proven). While the law is clear regarding liability and citizens' actual contactless card risks, we wanted to explore UK citizens' perceptions in this respect. We conducted an online survey, specifically exploring the perceptions of liability, severity and likelihood of contactless fraud. We discovered that participants' risk perceptions were not aligned with their actual risk. In particular, most participants assumed that they themselves would be liable for any contested transactions. There are clear lessons to be learned - also valid for other EU countries - emphasising the need to ensure that consumers are aware of their rights in this respect.