Contactless and Mobile Payments: What UK Businesses Need to Know
UK contactless payments explained: £100 limit, Apple Pay, Google Pay, SoftPOS tap-to-pay, NFC, fraud rates, and what merchants need to accept them.
Contactless payments â tap-to-pay cards, Apple Pay, Google Pay, and SoftPOS â account for the majority of in-person card transactions in the UK. For your business, the question is which limits apply, how digital wallets differ from physical cards, and what setup you need.
We cover the £100 per-transaction limit, cumulative PIN rules, how Apple Pay and Google Pay interact with strong customer authentication, SoftPOS options, and what UK Finance fraud data shows about contactless security.
How Contactless Card Payments Work
Contactless payments use Near Field Communication (NFC), a short-range wireless standard operating at 13.56 MHz. When a customer taps a card or phone, the terminal and device exchange an EMV contactless transaction token â a one-time cryptographic code specific to that transaction. No static card number is transmitted.
This tokenisation is built into the EMV contactless standard and applies to all contactless card payments, not just digital wallets. The terminal does not store card data. The transaction is authorised online in real time, meaning the terminal needs an active internet connection.
All modern NFC-enabled terminals accept contactless cards from any scheme (Visa, Mastercard, Amex) without additional configuration. If you have an older terminal, check with your acquirer â NFC is enabled by default on all new UK terminals.
Contactless Limits and Cumulative PIN Rules
The UK per-transaction contactless limit is £100. This was raised from £45 in October 2021. The limit applies to physical contactless card payments at NFC terminals.
A cumulative spending limit applies in addition. After approximately £300 in contactless transactions, the card issuer requires the customer to authenticate with PIN. The exact cumulative threshold varies by card issuer and individual card settings â some banks set it lower.
When a customer reaches the cumulative limit, the terminal prompts them to insert their card and enter PIN. This resets the cumulative counter. You do not need to manage this â the terminal handles the prompt automatically based on the card’s response.
Customers cannot bypass the cumulative PIN prompt. If a transaction is declined at the tap stage, the customer should insert their card. We recommend training your front-of-house staff to recognise this as a normal limit-reset, not a declined card.
Apple Pay and Google Pay at Your Terminal
Apple Pay and Google Pay work on any NFC-enabled terminal. No merchant registration, no additional hardware, no software changes required. If your terminal accepts contactless cards, it already accepts Apple Pay and Google Pay â we cover what that means for fraud liability below.
The difference from physical contactless is authentication. Apple Pay uses Face ID or Touch ID. Google Pay uses fingerprint or device PIN. This biometric step counts as strong customer authentication (SCA) under PSD2 implementation in the UK â the same security level as chip-and-PIN.
Because of SCA, the standard £100 contactless limit does not apply to Apple Pay and Google Pay in the same way. Individual banks may apply their own limits, but the scheme-level £100 threshold is based on the absence of SCA â which your customers provide through their device.
We find digital wallet transactions are faster than chip-and-PIN in practice â no card insertion, no PIN entry, single tap â and fraud rates are materially lower than physical contactless because the customer’s device must be unlocked with biometrics first.
Digital wallets vs contactless cards: the SCA difference
The £100 contactless limit exists because physical contactless cards involve no customer authentication â anyone can tap a lost card. Apple Pay and Google Pay require the customer to authenticate with Face ID, Touch ID, or fingerprint before the transaction is processed. This biometric step counts as strong customer authentication under PSD2, which is why digital wallet transactions are treated differently from standard contactless card taps.
SoftPOS: Using a Smartphone as a Card Terminal
SoftPOS (Software Point of Sale) turns a certified NFC-enabled smartphone into a card terminal. The customer taps their card or phone to the back of your smartphone. No hardware reader is required.
Apple’s implementation is Tap to Pay on iPhone; Android’s is Tap to Pay on Android. Both are available in the UK. If you use SumUp, the rate is 1.69%. Square Tap to Pay charges 1.75%. Stripe via BBPOS charges 1.5% + 20p.
Transaction rates for SoftPOS are identical to hardware reader rates from the same provider. We recommend SoftPOS if your staff are mobile â market traders, event vendors, delivery drivers collecting on delivery â where carrying hardware is impractical.
Standard contactless limits apply to SoftPOS. Transactions over £100 cannot be processed via tap-only and would require the customer to use chip-and-PIN on a separate hardware terminal. Keep this constraint in mind if your typical transaction values regularly exceed £100.
Contactless Payment Methods Compared (UK, 2026)
We have set out the main contactless payment methods available to UK merchants, with limits, authentication requirements, and hardware needed.
| Method | Per-transaction limit | PIN required? | Merchant hardware needed | Fraud protection |
|---|---|---|---|---|
| Contactless card | £100 | After ~£300 cumulative | NFC terminal | Standard |
| Apple Pay / Google Pay | No fixed limit (SCA applied) | No (biometric auth) | NFC terminal (no extras) | High (tokenised + biometric) |
| Smartphone SoftPOS | £100 (contactless rules apply) | After ~£300 cumulative | Certified NFC smartphone | Standard |
| QR code payment | No limit | No | Printed or digital QR | Platform-dependent |
Contactless Fraud: What the Data Shows
UK Finance Payment Fraud Report 2024 shows contactless fraud is lower per-transaction than overall card fraud. Lost and stolen card fraud â where a physical card is used fraudulently after being stolen â is a larger fraud category than contactless-specific fraud.
Digital wallet fraud (Apple Pay, Google Pay) is materially lower than physical contactless fraud. A stolen phone cannot be used to pay unless the thief can also bypass Face ID or fingerprint. Digital wallets are the most fraud-resistant contactless payment method available to your customers.
For your business, the fraud liability position on contactless mirrors chip-and-PIN: if the payment was properly authorised, you are not liable for the fraud. Disputes are handled by the issuing bank under standard chargeback rules.
The main risk is the same as for any card payment: chargeback claims where your customer disputes the transaction. We find this rate is not higher for contactless than chip-and-PIN in practice.
What Merchants Need to Accept Contactless
Any NFC-enabled terminal with an active merchant account accepts contactless cards and digital wallets. All terminals from major UK providers (Square, SumUp, Dojo, Stripe) are NFC-enabled by default.
If you have an older terminal, check with your acquirer â we have seen cases where enabling NFC requires a software update, not hardware replacement.
No merchant registration with Apple or Google is required to accept Apple Pay or Google Pay. Digital wallets are processed as standard contactless EMV transactions. You interact only with your acquirer â not with Apple or Google.
QR code payments are available through PayPal, and some EPOS platforms (Lightspeed, Square) support QR-linked payment flows. UK consumer adoption is lower than in Asia, but it is a zero-hardware option for pop-ups where NFC terminal setup is impractical.
We recommend checking that your terminal software is up to date before assuming all contactless features are active. A terminal you purchased two years ago may need a firmware update â check with your acquirer if you are uncertain.
Bottom line: Any NFC terminal accepts contactless cards and digital wallets â no extra setup needed. SoftPOS covers mobile-staff scenarios at the same rate as hardware.
Frequently Asked Questions
What is the contactless payment limit in the UK?
The UK contactless per-transaction limit is £100. This applies to physical contactless card taps at NFC-enabled terminals. It was raised from £45 in October 2021 to reflect the shift to higher-value contactless payments. A cumulative limit of approximately £300 also applies â after around £300 in contactless transactions without a PIN-verified payment, the card issuer requires the customer to insert their card and enter PIN to reset the counter. The exact cumulative threshold varies by issuer.
Does Apple Pay have a £100 limit like contactless cards?
The £100 per-transaction contactless limit does not apply to Apple Pay and Google Pay in the same way. The standard contactless limit exists because physical contactless cards have no customer authentication â anyone can tap a lost card. Apple Pay requires Face ID or Touch ID before a transaction is processed, which counts as strong customer authentication under PSD2. As a result, individual banks and card issuers may apply their own limits, but the scheme-level £100 threshold is based on the absence of SCA â which digital wallets provide.
Can I accept Apple Pay on my existing card terminal?
Yes, if your terminal is NFC-enabled. All modern UK payment terminals â from Square and SumUp readers to Dojo and Worldpay countertop devices â are NFC-enabled by default and will accept Apple Pay and Google Pay without any additional setup, registration, or configuration. You do not need to register with Apple or Google. If you have an older terminal, check with your acquirer whether NFC is active â it may need a firmware update.
What is SoftPOS and do I need it?
SoftPOS (Software Point of Sale) turns a certified NFC-enabled smartphone into a card terminal â the customer taps their card or phone to the merchant’s phone. Providers include SumUp Tap on Phone (1.69%), Square Tap to Pay (1.75%), and Stripe via BBPOS (1.5%+20p). You need SoftPOS if you have mobile staff who need to accept payments without carrying hardware â market traders, event staff, delivery drivers. For a fixed location, a hardware reader is more practical. Transaction rates are identical to hardware reader rates from the same provider.
Is contactless payment more vulnerable to fraud?
UK Finance data shows contactless fraud is lower per-transaction than overall card fraud. Lost and stolen card fraud is a larger fraud category. Digital wallet payments (Apple Pay, Google Pay) have significantly lower fraud rates than physical contactless because biometric authentication is required before the transaction is processed. For merchants, fraud liability on properly authorised contactless payments sits with the card issuer, not the merchant, under standard scheme rules.
What happens when a customer’s contactless limit is reached?
When a customer’s cumulative contactless spending reaches the issuer’s threshold (approximately £300, though this varies), the terminal will prompt them to insert their card and enter PIN. This resets the cumulative counter. The process is automatic â the terminal handles it without any action from the merchant. Train staff to recognise this as a normal limit-reset event, not a card decline. If the customer does not have their PIN, they will need to use an alternative payment method.
How we put this guide together
UK contactless transaction limit sourced from UK Finance and PSR guidance following the October 2021 increase. Apple Pay and Google Pay SCA classification from FCA PSD2 implementation guidance and card scheme published rules.
SoftPOS provider rates from SumUp, Stripe, and Square published merchant documentation (April 2026). UK Finance Payment Fraud Report 2024 is the source for contactless and digital wallet fraud data.
This is editorial guidance, not regulated financial advice. We have no commercial relationship with any payment provider named in this article.