Myth busting: Are contactless payments safe?

contactless payments

The COVID-19 pandemic has made us more inclined toward digital payments, shying away from the exchange of hard currency due to our newfound hygiene awareness; it is here that contactless payments have quickly become the new norm.

In Europe, Germans are increasingly ditching cash for hygiene reasons, according to Initiative Deutsche Zahlungssysteme e.V, a payment industry organization. In the U.S., more than 50 percent of consumers say they want to stop using cash in favor of debit cards, according to data from California-based Travis Credit Union.

Payment firms are being pushed rapidly into transformation, even as they handle larger transaction volumes, face increased competition and heightened risk factors amplified by COVID-19, according to the World Payments Report 2020 published by Capgemini.

The report predicts that a compound annual growth rate (CAGR) of 12 percent is expected for global non-cash transactions for 2019 to 2023.

Global non-cash transactions surged nearly 14 percent from 2018 to 2019 to reach 708.5 billion transactions, the highest growth rate recorded in the past decade. Asia-Pacific surpassed Europe and North America to become the 2019 non-cash transactions volume leader at 243.6 billion.

The increase was driven by increasing smartphone usage, booming e-commerce, digital wallet adoption and mobile/QR-code payments innovations, led by China, India, and other SE Asian markets (31.1 percent growth).

Last year, nearly 48 percent of in-person Visa transactions were contactless, a figure that is more than likely to rise as an indirect result of the Coronavirus pandemic, Visa reported.

What is a contactless payment?

According to the Secure Technology Alliance (STA), a contactless payment is a payment transaction that does not require physical contact between a consumer’s payment device and a point-of-sale (POS) terminal. 

“The consumer holds a payment device (such as a contactless or dual-interface chip card or mobile device) in close proximity to the terminal (less than 1-2 in. away), and payment account information is transmitted wirelessly, over radio frequency (RF),” STA explained.

The consumer’s contactless payment device can assume a variety of form factors, including cards, Near Field Communication (NFC)-enabled smart phones, and wearables.  Contactless transactions generate a unique code for each transaction.

What are the risks?

However, with any technological advancement, comes a cybersecurity risk.

The main weakness coming out of contactless payments won’t happen in cyberspace but rather in person. Since the payment method doesn’t require a PIN, a lost credit card or stolen device would allow a criminal to have easy access to your account.

Thus, a smartphone without the necessary security features would easily allow hackers to ring up purchases without detection; and because many of these transactions happen without a receipt, it is difficult for the owner to prove the charges were fraudulent.

Contactless credit cards use radio frequency identification (RFID) to transmit the data, and hackers have been successful in making fake scanners or using card skimmers designed to steal data transmitted via RFID.

If a hacker gets the information from the card or wallet, they can create cloned cards. Mobile wallets, on the other hand, rely on near-field communication (NFC) that transmits data within a very close range. 

How are contactless payments safe?

Contactless payments remain one of the most secure ways to conduct financial transactions due to the use of RF technology to send payment account information to the merchant’s POS terminal, instead of requiring the payment card’s chip to be inserted or magnetic stripe to be swiped.

“Contactless payment devices are designed to operate at very short ranges – less than 1-2 inches – so that the consumer needs to make a deliberate effort to present the card or mobile device to the POS reader to initiate the payment transaction,” the report by STA further added.

In parallel, the financial payments industry has designed various layers of security throughout the traditional credit and debit payment systems to protect all parties involved in the payment transaction.

“Most of these protective measures are independent of the technology used to transfer the consumer payment account information from the payment card or device to the merchant POS terminal (i.e., swiping, inserting, or tapping) and are used for EMV chip, magnetic stripe, and contactless transactions,” the report highlighted.

The financial industry uses advanced security technologies both on the contactless device as well as in the processing network and system to prevent fraud. There are different ways financial companies can keep you safe according to the STA:

  • Industry standard encryption: Each contactless device must have its own unique secret key that uses standard encryption technology to generate a unique card verification value, cryptogram or authentication code that exclusively identifies each transaction. No two devices share the same key, and the key is never transmitted.
  • Dynamic data: Every contactless payment transaction includes dynamic data that is unique for that transaction. Stolen or intercepted transaction data can’t be used for other transactions.
  • Authentication: The issuers verify that the contactless payment transaction has a valid card verification value, authentication code or cryptogram before authorizing the transaction. Therefore, at the system level, issuers have the ability to automatically detect and reject any attempt to use the same transaction information more than once.
  • Confidentiality: The processing of contactless payments does not require the use of the actual cardholder name in the transaction. In fact, best practices being used within the industry do not include the cardholder name in the contactless chip.
  • Control: Cardholders control both the transaction and the contactless device throughout the transaction. Cardholders do not have to hand over either a device or their account information to a clerk during a contactless transaction.

The impact of 5G

There is no doubt that the fifth generation of mobile networks will heavily impact the digital payments industry, from faster confirmation speeds, to being able to make larger payments online.

There are four main ways that 5G will impact digital payments according to U.S.-based ISP, Fastmetrics:

  • One-to-one payments: Mobile payments and mobile banking are expected to grow rapidly across the world thanks to the easy access they provide to regions which are out of reach for traditional banking methods.

    With 5G speeding up data up to 3 times as compared to the current 4G network, the overall consumer transaction experience will be improved leading to more and more people relying on mobile payments.

    Even the exchange of a minor sum of money between friends, will take place via mobiles.
  • Contactless and Retail Payments: Facilitated by digital technology, retailers would be able to provide a smarter and more customized payment process to its consumers both online and in-person.

    Due to the high speed connections, consumers would be able to browse through online catalogues. Then apply filters, select, and even try their purchases virtually, before paying for them. All within a matter of minutes. This would lead to a further growth in retail and online payments.
  • Big-Ticket purchases: Purchasing big-ticket items like cars or homes, often require lengthy processes. This can take loan application processing, to credit check and finally loan activation and disbursement.

    5G would help banks combine user data and artificial intelligence in real time to speed-up the end-to-end experience. High resolution streaming capabilities will enable customers to interact with financial consultants giving them more confidence before making any decisions.
  • Transaction Security: 5G will enable the use of multi-modal bio-metric authentication features that rely on different characteristics of a person’s physiology and/or behavior.
    Large amounts of bio-metric data are usually required for authentication. This data then needs to be sent to matching engines which analyze patterns in this data.

With the many technological advancements being developed, it is almost certain that the fourth industrial revolution will change how we make our payments, removing the need for hard currencies as all monetary transactions will switch to numbers on a screen.