Marks & Spencer’s POS Charges Contactless Regardless, At Least Now And Then

Written by Frank Hayes
May 21st, 2013

Some Marks & Spencer customers have reported that the U.K. chain’s contactless payment terminals have taken money from contactless cards even when those cards were still in purses or wallets a foot or more away—and in at least one case, the grabby POS behavior was repeatable.

The retailer just finished rolling out contactless point-of-sale terminals to 644 U.K. stores and reportedly processes more than 230,000 contactless transactions every week. But multiple customers told the BBC that they had the experience of inserting a chip-and-PIN card in the PINpad’s slot, but being issued a receipt for a contactless card that was nowhere near the PINpad. The contactless system isn’t supposed to work at distances of more than about two inches.

One of the customers was able to repeat the card mischarge in front of a Marks & Spencer store manager.

“I put my [chip-and-PIN] card into the reader and the assistant was asking me if I wanted cash back,” the customer told the BBC radio program Moneybox. “Before I could answer, the transaction came up as complete and the till issued a receipt. I hadn’t put in a PIN at all at that stage. I queried it with the assistant and she seemed rather puzzled, and looked at the receipt and compared it to my card and realized that the numbers didn’t tally—in other words, the amount had been debited from a different card, other than the one I put into the machine.”

The customer realized the number belonged to a card in her purse that she hadn’t even realized was contactless. When she explained the situation to a Marks & Spencer manager, he asked her to try to repeat the transaction so he could see it for himself—and again the contactless card in her purse a foot away was charged. The manager reversed out the two charges, and the third try with the chip-and-PIN card worked.

None of this should be a complete surprise. After decades of complaints about how hard it is to get Wi-Fi, Bluetooth and infrared-based device-to-device technologies working reliably, POS and card manufacturers have finally managed to build a technology that consistently exceeds the nominal specifications, in the form of contactless/near field communication. Anywhere else, this would be a triumph. But with the specialized requirements for payments, it’s a problem.

The fact that the problem is occasional suggests that it only happens with certain cards interacting with certain terminals—they just happen to work too well together. The fact that the problem is repeatable is good news from an engineer’s point of view—that makes it a lot easier for the chain to troubleshoot.

It’s still a high-profile problem, though. In theory, the PINpads are supposed to be shielded on all sides except the top. That turns out not to be the case for at least some of the Marks & Spencer PINpads. (We don’t know who the vendor is, or if all the stores were outfitted by the same PINpad vendor.) Is it a quality-control problem? A case where power levels and sensitivity were set too high on some contactless readers? A glitch in a particular batch of cards? That may require a lot of experimenting to determine.

And that’s not the only problem: Those PINpads are reportedly supposed to shut down the contactless functionality as soon as a chip-and-PIN card is inserted. With a card in the slot, how did the contactless work at all? And should the transactions have gone through without the cashier doing anything?

As long as the problems are rare—and they’re investigated—nothing here should be a showstopper for Marks & Spencer’s contactless rollout. But it’s the kind of glitchy behavior that the chain really should stamp out as quickly as it appears. The last thing contactless—and Visa Europe, which is promoting it heavily in the U.K.—needs right now is an urban legend that every time a customer walks past a POS, a transaction will be rung up.


One Comment | Read Marks & Spencer’s POS Charges Contactless Regardless, At Least Now And Then

  1. Shasur M Says:

    Contactless Payments have hit some roadblock or other. Most of NFC and other Contactless payment systems failed to show ROI and advantage over Chip&Pin and MSR devices


StorefrontBacktalk delivers the latest retail technology news & analysis. Join more than 60,000 retail IT leaders who subscribe to our free weekly email. Sign up today!

Most Recent Comments

Why Did Gonzales Hackers Like European Cards So Much Better?

I am still unclear about the core point here-- why higher value of European cards. Supply and demand, yes, makes sense. But the fact that the cards were chip and pin (EMV) should make them less valuable because that demonstrably reduces the ability to use them fraudulently. Did the author mean that the chip and pin cards could be used in a country where EMV is not implemented--the US--and this mis-match make it easier to us them since the issuing banks may not have as robust anti-fraud controls as non-EMV banks because they assumed EMV would do the fraud prevention for them Read more...
Two possible reasons that I can think of and have seen in the past - 1) Cards issued by European banks when used online cross border don't usually support AVS checks. So, when a European card is used with a billing address that's in the US, an ecom merchant wouldn't necessarily know that the shipping zip code doesn't match the billing code. 2) Also, in offline chip countries the card determines whether or not a transaction is approved, not the issuer. In my experience, European issuers haven't developed the same checks on authorization requests as US issuers. So, these cards might be more valuable because they are more likely to get approved. Read more...
A smart card slot in terminals doesn't mean there is a reader or that the reader is activated. Then, activated reader or not, the U.S. processors don't have apps certified or ready to load into those terminals to accept and process smart card transactions just yet. Don't get your card(t) before the terminal (horse). Read more...
The marketplace does speak. More fraud capacity translates to higher value for the stolen data. Because nearly 100% of all US transactions are authorized online in real time, we have less fraud regardless of whether the card is Magstripe only or chip and PIn. Hence, $10 prices for US cards vs $25 for the European counterparts. Read more...
@David True. The European cards have both an EMV chip AND a mag stripe. Europeans may generally use the chip for their transactions, but the insecure stripe remains vulnerable to skimming, whether it be from a false front on an ATM or a dishonest waiter with a handheld skimmer. If their stripe is skimmed, the track data can still be cloned and used fraudulently in the United States. If European banks only detect fraud from 9-5 GMT, that might explain why American criminals prefer them over American bank issued cards, who have fraud detection in place 24x7. Read more...

Our apologies. Due to legal and security copyright issues, we can't facilitate the printing of Premium Content. If you absolutely need a hard copy, please contact customer service.