Walletmor payment limit

I would post this question in the existing thread but…


Who determines contactless payment limits with the Walletmor? It’s not iCard (I set a 1000 euro limit per transaction). Is it individual stores / chains? Payment processors? Local law? Is it hard-coded in the terminals?

With one exception, all the stores in my area seem to decline payments over 50 euros.

Legislators don’t understand what a contactless payment is, so they currently limit those transactions to €45. Some countries raised it to €100 during the pandemic though.

Contactless payment - Wikipedia.

It doesn’t actually make any sense because contact credit payments also don’t require a PIN, but they’re not limited. Even if bad actors were able to skim an exchange mid-transaction, they would only be able to do a replay attack for one or maybe a few transactions. The new secure element systems are very different from the old PAN magstripe systems, but people don’t seem to get that. The ignorance is real.

1 Like

UK is raising it to £100 end of October :slight_smile:

It seems arbitrarily set by the country

2 Likes

Okay thanks.

There are regional “boilerplate” limits which are part of a larger overall security template. The issuers (banks) typically just go with the template… but not always. Also professors can set additional limits based on their own requirements or based on specific merchant request.

That’s kind of why I was wondering, because the “bank” in this case is iCard, and they don’t set no limit. Well they do, but not 50 euros. So someone / something in the middle does.

But yeah, I saw articles stating Finnish banks adopted the 50-euro limit recently. So for them, that figures.

iCard is not actually a bank. They are a neobank which is licensing financial operating regulatory status from another bank… who knows which. I would not be surprised if they had no direct influence over things like limits… But you never know

This whole business is fabulously convoluted. I’m not stupid (not all the time anyway) and I’m really making an effort to wrap my head around who does what, but I still don’t get it :slight_smile:

Oh well. 50 euros it is then. It’s not a problem though: if it’s over the limit, I just ask the cashier to break it down into 50-euro chunks and I pay several times. It seems to work fine. It’s just inconvenient.

I think they do though: why else would they offer to set your own limits?

Best I ask them directly.

They’re not in the business of making it easy to understand. The more convoluted it is, the more opportunities the payment schemes have to extract the vig from another player.

1 Like

Not sure what you mean here but if you’re referring to the customer (you) being able to set a lower limit… that’s fine… what I mean is going above the ceiling limit (upper limit), which is called… confusingly… the floor limit in industry.

Processors maybe?

I was wondering what Professors had to do with payments for a minute. :laughing:

So iCard can set limits, the bank they license from can set limits, the processor can set limits, presumably the banking authorities in the country can set limits…

I don’t know if the store can set limits, but they appear to be the only people who can’t, maybe.

Yeah, but what about the Professors? :wink:

Remember to turn in your coursework or they will reduce your limit.

1 Like

So probably the processor then. Unless more parties are involved than I would like to imagine.

I would prefer it the other way. Replay attacks are difficult, have limited scope, and are easily spotted by algorithms already in place to counteract fraud. If you’re using a secure element (contact or contactless) don’t require a PIN, and then if there are any fishy transactions lock them out and send a text or email to the user to confirm. The whole thing should be as seamless as possible, with the security baked right in.

I’d love for the actual AI fraud detection to be responsive and happen realtime during the terminal transaction, prompting the user for PIN only if there’s something fishy detected.

1 Like