Myths of Contactless Payment Security!

For many people, paying with a card is still associated with a “swipe” or a “dip”; however, for the owners of more than 440 million contactless cards accepted in over 9 million locations in 114 countries, they pay with a tap. Contactless cards were introduced to give consumers a safe and simple way to pay that helps speed them through the checkout line. The same technology also backs the ability to pay with a phone. Contactless technology was developed with the mindset of never sacrificing security for convenience. The cards and devices contain an embedded chip and a radio frequency (RFID) antenna that provide a wireless link with the contactless reader.  When the card or device is tapped against the reader, information is transmitted in a highly secure manner within a fraction of a second.

Contactless payment options are appearing everywhere, but many of us are still hesitant to tap. Despite the availability of this technology, consumers aren’t entirely convinced that it’s a secure form of payment. After all, the whole idea of our personal information being transmitted through the air is a scary thought. But with contactless payment information being transmitted wirelessly, some people question whether it’s truly safe. The simple answer: yes.

Here we try to debunk popular myths about contactless payments so that you can go cash free with confidence.

Myth 1 – A thief can easily electronically pickpocket your contactless card to make a fraudulent transaction if a thief approaches with a terminal to you

Reality – In order to get hold of a terminal for setting up such a business, you need to see a terminal provider, which is a financial institution. They will run you through a whole Know Your Customer process. This means that they know who you are: you are identified. Contactless payments are electronic; they can be traced back. Since you are identified, and the payment can be identified, there is a 100% chance to get caught, for only INR 2000 which is the limit set by RBI for contactless transaction. INR 2000, that is the maximum amount in India without a PIN code: Do you think A thief would risk for this less amount

Myth 2 – If a thief does intercept your contactless information, they can create a counterfeit card to use in a store

Reality –  Card details are encrypted. For every individual card transaction, there is a one-time, unique number that is communicated between the card and the terminal. Contactless does not change anything more than the way of communicating information between one device to the other. It does not change the information itself. As such, contactless does not pose any risk whatsoever when it comes to counterfeiting a card.

Myth 3 – Even if a thief cannot counterfeit your card, they can make purchases online or by phone

 Reality – Contactless is nothing more than a feature to enable communication between a card/device and a terminal. It is technology that is only relevant in the physical world. Just like a regular card, a contactless card does not know your name, billing address, or even the 3-digit CVC code at the back of your card. That is right: the card does not know what is written on its front or back. Making a purchase online requires strong customer authentication. Sometimes a card number, cardholder name and 3-digit CVC code are enough. Since these data cannot be transmitted, there is no risk someone gets access to it through contactless communication.

Myth 4 – In addition to stealing your card data, thieves can also steal your identity

Reality – Contactless cards do not transmit any information about the card holder, such as name and address. This information is not known by your card. There is no interest whatsoever to have this information on the card, because it is not required for making a transaction.

Myth 5 – If someone steals my connected watch, he/she can make purchases from my account.

 Reality – Paying with a connected device is made even more secure than contactless cards. It is important to know that the device does not know your card number. What the device knows is a token of your card number, an encrypted alternative number. This is highly encrypted information that first needs to be ‘detokenized’ by a third party, like MasterCard, in order to make a transaction.

On top of that, a smart watch will not be able to make a transaction without:

  • Wearing the watch: the payment feature will be disabled once you take it off
  • Minimum one PIN per day is required in order to make other no-PIN contactless transactions.

Myth 6 – If I put two contactless cards near a terminal, it could charge the wrong card – or even charge me twice

 Reality – When you put two or more contactless cards near a terminal, the terminal will – most likely – charge the first card it sees. That’s why we don’t recommend tapping your wallet against the reader if you have more than one contactless card.

Myth 7 – I could accidentally tap my card against a reader and pay for someone else’s shopping

 Reality – There’s no need to worry about picking up someone else’s bill; most terminals can only read cards when they’re within 10cm, so you’d have to be very close to pay by mistake.

Myth 8 – If my card is lost or stolen, someone could spend my money and I won’t get it back

 Reality – Contactless uses the same level of security as a Chip & PIN transaction, and has certain features that limit fraud. For instance, your contactless card can only be used for transactions under a certain amount – INR 2000 in India. And as an extra security measure, you will also be asked to enter your PIN for transactions amount more than INR 2000

Myth 9 – But it isn’t safe 

 Reality – In actual fact, contactless payments are one of the most secure ways customers can pay. The technology is just as safe as swiping or inserting a credit or debit card. An added bonus is that the card remains in the customer’s hands at all times, so there’s no chance they’ll leave it behind by mistake.

Myth 10 – Apple pay or Google wallet is not secure.

 Reality – When contactless payments first made their debut on smartphones concerns were raised about the security of card details being stored on, and transmitted from, a smartphone. In the case of ApplePay, for example, card details are only transmitted when the phone detects a Chip & PIN machine that is requesting payment, it requires either a passcode, or thumbprint, to complete the transaction, and the 16-digit card number transmitted is semi-randomized per transaction. These features give contactless payments via a phone another level of security in cases where the phone is either stolen, or a receipt is dropped at the point-of-sale terminal displaying the full card number.

 Keep yourself safe from contactless fraud

Contactless payments offer a convenient way for consumers to pay for goods but, like most technology, come with a handful of security concerns that everyone should be aware, but not scared, of.

With that in mind, here are some top tips to help keep yourself safe from contactless-based fraud:

  • RFID-blocking wallets will block any wireless signal from leaving your wallet without your knowledge
  • Using systems like ApplePay and Google Wallet give an extra level of security when paying and don’t transmit your card details without your consent
  • Report any cards that are lost or stolen immediately to your bank.
  • Keep your mobile phones locked using pin or thumbprint to prevent access to contactless payments apps
  • Be in control of your card – Keep your card always with you and never hand over it to someone else while paying using a contactless card machine
  • Regularly check your bank account statements to keep an eye on fraudulent transactions
  • Keep your bank SMS alerts active and report to bank in case you receive SMS for any transaction not done by you.

 

Ajay Wadbudhe

Ajay is a Project Manager in Verinite. Associated with BFSI domain from the start of the career. Believes in "Do what you like". Big cricket fan and loves cooking.