What are the different types of contactless payment and how secure are they?
Contactless cards have become a popular way to pay for everyday low-cost goods, particularly in a lot of European countries. It’s so quick and easy – not even requiring a PIN number – that you might question how secure the process really is. But don’t worry, there is little to fear as there are a number of security measures put in place by card providers, both on the card itself and the network that processes your payments.
How do I know that paying contactless is secure?
Firstly, each card has a unique ‘key’ that uses encryption to generate a unique card verification value, cryptogram or authentication code. This is used to identify each transaction, and no two cards can share the same key. The key itself is also never transmitted.
Your card issuer then verifies that your contactless transaction has a valid card verification value, authentication code or cryptogram before authorizing the payment. So, if your card issuer thinks there is something suspicious about the payment, it can reject an attempt to use the same transaction information more than once.
Here are a few facts about contactless to reassure you that they are safe:
- Contactless payment devices operate at very short ranges – less than 2-4 inches – so you have to make a deliberate effort to make a payment
- The payment network used to process contactless payments is the same that processes millions of magnetic stripe transactions securely today. So, every time you tap your card, you’re using the same network that has been trusted for decades
- Your actual name is never transferred, so even if your card details were somehow intercepted, the thief couldn’t use them to buy anything else
- A more practical security measure, but with contactless payments, you never need to let go of your card. This means your card cannot be cloned, and you never have to read out or each any account information ever.
Finally, you shouldn’t worry that cardholder information used during a contactless payment transaction could be used by thieves. Each time you use your card, the device generated transaction information changes, so any data stolen would only be useful for that transaction alone. This makes it more secure than traditional card fraud where thieves obtain your long card number, expiry data, name, and CVV number on the back of the card.
Paying contactless with your mobile
The popularity of services such as Apple Pay and Android Pay have allowed many of us to benefit from the convenience of being able to pay at a physical point-of-sale with our mobile phones. This payment method, also known as proximity payment, is initiated from a smartphone that uses Near Field Communication (NFC) technology.
To be able to make a payment via your mobile, you need to store your credit or debit card data in your mobile phone. But don’t worry, your payment data is stored inside a secure element – a chip designed specifically to ensure the security and privacy of your personal and financial information.
What’s also convenient about mobile payments is that you authenticate your payment with just your fingerprint or FaceID.
Biometric Fingerprint cards
Being able to use fingerprint or facial biometrics on our smartphones as a way to authenticate has certainly made it easier and more secure to pay for things. But one downside is that you still have a limit per contactless transaction. Plus, you need to actually have a smartphone to be able to benefit from making such payments.
This is one reason why biometric cards are now being added to the payment mix. With these cards, you can use your thumbprint as an alternative to a PIN or signature at the same in-store chip or contactless terminals you use every day. No more limit on contactless payment transactions! With a simple touch, no need to enter a PIN code on the Point-of-Sales terminal to perform a payment transaction, both in contact mode and in contactless mode. This is enabled by putting a fingerprint sensor right on the body of the card.
The main benefit of the biometric card is security. When you place your finger on the sensor, a comparison is performed between your fingerprint and the reference biometric data securely stored in the card. If your fingerprint matches the one stored on the card, the payment is approved. The fingerprint data never leaves the card, so it can’t be intercepted or stolen.
The card is already being trialled with banks in European counties including the UK, Cyprus and Italy, so it’s just a matter of time for these cards to be deployed more widely.
If you’d like to know more about contactless transactions, here are a few other blogs on the topic to read: