An increasing number of banks are issuing contactless chip cards which, instead of being swiped through a card reader, communicate with the card reader via near field communication (NFC) technology. However, many merchants (and consumers) are concerned about whether contactless payments are secure. Reviewing the answers to these four frequently asked questions (FAQs) about contactless payment security will help you to better understand the issue — and allow you to accurately respond to any customer inquiries about it.
Contactless Payment Security FAQ #1: Are contactless payments secure?
Answer: The microprocessor chip embedded in traditional and contactless chip cards generates a cryptogram, which is a short piece of encoded text that masks and, therefore, protects payment information. The chip also creates a difficult-to-forge digital signature when the transaction is executed at the point of sale (POS). Criminals that may find a way to steal the encrypted information cannot identify you, and they cannot decrypt or use your payment card data. They also cannot produce fraudulent cards. The microprocessor chip is virtually impossible for criminals to duplicate.
For further security, issuers verify that every contactless transaction has a valid card verification value, authentication code, or cryptogram before authorizing it — so they can automatically detect and reject any attempt to reuse transaction information. In addition, he cardholder’s name is not required for payment processing and is usually not present in the chip, and the card never has to leave the cardholder’s hand during the transaction.
Contactless Payment Security FAQ #2: What can be done to protect a contactless payment card?
Answer: A contactless payment card or key fob should never be left unattended. Consumers should take the same precautions they would with any other type of payment card.
If a consumer believes their card has been put at risk, they should contact the issuing bank. Liability policies that protect consumers who hold traditional credit and debit cards also apply to those with contactless cards. These policies exempt consumers from responsibility for losses due to card loss or theft, providing that the issuing bank is notified promptly.
Contactless Payment Security FAQ#3: Can a contactless payment card be read without a consumer’s knowledge?
Answer: This is unlikely. Contactless payment cards, as well as the terminals and network, are designed so that the customer initiates the transaction by holding the contactless payment device (card or key fob) within two to four inches of the payment terminal. But should someone successfully read the information from a contactless payment card, the security features designed into the device, the payment terminal, and the payment system would prevent the information being used for fraudulent purposes.
Contactless Payment Security FAQ #4: What happens if a contactless payment card is lost or stolen? Doesn’t that compromise its security?
Answer: In such a situation, contactless payment security remains very high. For one thing, banks impose a limit on the number or value of contactless payment transactions a cardholder can make before being asked to verify their identity.
What’s more, to enhance security, banks routinely use data analytics to identify unusual transaction patterns that may indicate that a contactless card is being used by an individual who isn’t the cardholder. If it turns out that this is the case, the card is immediately invalidated, and a replacement is issued.
Now that you know more about contactless payment security, you can be confident when implementing contactless payment-compatible POS equipment that you’re not compromising the integrity of customers’ payment information. You can also be certain that you’re sharing the correct information to bolster customers’ confidence in the security of their data and payments, which is a cornerstone of a good customer/merchant relationship.
