Thursday will see a fundamental shift in the UK’s payment landscape
Ahmer Khan · Posted on: March 18th 2026
Ahmer Khan, Partner in the Banking and Insurance team at MHA, says:
“As the FCA prepares to implement a fundamental shift in the UK’s payment landscape on Thursday 19 March, the removal of rigid contactless limits represents a critical pivot from prescriptive compliance to a more sophisticated, risk-based governance model.
Following years of adherence to a national cap, the FCA is officially devolving the authority to set contactless transaction limits to individual financial institutions. The previous "hard" regulatory ceilings, a £100 single transaction limit and a £300 cumulative spend threshold, will be superseded by a framework that permits firms with robust fraud controls to tailor their own parameters.
This move by the regulator is a pragmatic response to persistent inflationary pressures and the evolving sophistication of digital wallets. While the regulatory "safety net" is being reshaped, the FCA has remained resolute that core consumer protections must endure. Firms will remain liable for unauthorised fraudulent transactions, ensuring that the impetus for rigorous oversight remains firmly with the provider.
From a governance and risk perspective, several facets of this transition require immediate attention:
- Consumer empowerment and personalisation: A central pillar of the FCA’s recent guidance is the expectation that banks provide customers with greater autonomy. Leading institutions are already integrating "limit toggles" within their mobile applications, allowing users to self-select their own risk appetite, whether that involves lowering limits to mitigate fraud or raising them for convenience.
- The operational reality of merchant infrastructure: Despite the regulatory change, a "free-for-all" on high-value taps is unlikely to occur overnight. Industry bodies, including UK Finance, have clarified that merchant terminals and backend software require staggered updates. Consequently, firms must manage customer expectations during this transitional period where technical capabilities may lag behind regulatory permissions.
- Fraud mitigation and SCA integration: The removal of the "rule of five" (requiring a PIN after five taps) does not signal a retreat from Strong Customer Authentication (SCA). On the contrary, the FCA expects firms to employ advanced behavioural biometrics and real-time monitoring to detect anomalies as transaction values increase.
Looking wider afield, this shift underscores a broader trend in UK regulation: a move toward "proportionality." By allowing banks to define their own limits, the FCA is placing the onus on the First and Second Lines of Defence to demonstrate that their internal control environments are sufficiently mature to handle increased exposure.”