The U.S. is experiencing a turning point in the adoption of contactless payment methods. More and more merchants are beginning to embrace contactless and turn on their near-field communication (NFC) technology, allowing payments to be processed using tap-and-go payment options. And while convenience, speed, ease of use and merchant acceptance are all important factors impacting the use of this payment type, many consumers are still concerned about the safety of contactless cards and other tap-and-go payment methods, including smart watches and mobile wallets.
Contrary to what some consumers may believe, there are multiple layers of security throughout the traditional credit and debit payments systems that protect all parties involved in a contactless payment transaction. Below are five of the most common myths surrounding contactless and insight into the reality of how secure contactless, tap-and-go payment methods really are:
Myth: A contactless card may accidentally process a transaction while inside a wallet.
Contactless technology does not work until the consumer removes it from his or her wallet and holds it in close proximity of the point-of-sale (POS) terminal. A close range proximity of 10 centimeters or less is required for the contactless technology to respond to the POS terminal. Contactless payment methods use radio frequency to communicate – but do not confuse that with RFID (radio-frequency identification) technology that also uses radio frequency but with a much longer proximity range of up to 5 feet.
Myth: If my contactless information is intercepted, a counterfeit card can be created and used in-store.
Each time a consumer uses a contactless card, a dynamic one-time-only code is generated to uniquely identify each individual transaction. The contactless card or device then provides the payments reader with that code, securing the transaction. It is extremely difficult for a fraudster to copy any of this advanced encryption technology to create a dynamic code and even more difficult to create a counterfeit version of a contactless card.
Myth: Even though a contactless card cannot be counterfeited, it can still be used for online transactions.
To complete an online transaction, a consumer must provide or have access to the card verification value (CVV2 or the three- or four-digit security code), cardholder name and billing address associated with the card, none of which are sent or shared during a contactless transaction. Since neither the card nor the device transmits this information when making a purchase, fraudsters typically will not have enough information for an online payment transaction.
Myth: Now that my card data has been stolen, my identity can be stolen, too.
There is a clear distinction between identity theft – when a consumer’s identity is assumed by another individual for criminal purposes – and payment card fraud or payment device fraud – when a consumer’s card information is compromised in order to make unauthorized purchases. As mentioned, contactless cards and devices do not transmit information about the cardholder that would allow a thief to steal someone’s identity from a contactless transaction. To steal someone’s identity, the fraudster would need a name, address and other personal information not shared when conducting a contactless transaction. There is very little risk of identity theft associated with contactless transactions.
As evidenced, contactless cards and tap-and-go payment methods are just as secure as any other payment option when conducting transactions. According to Visa, 95 percent of terminals shipped are already contactless-enabled and many merchants are committed to turning on their NFC functionality. In fact, eight out of the top 10 merchants are now accepting NFC payments. It is highly likely credit unions could experience an increase in transactions by offering contactless card programs. Most other countries that have been issuing contactless cards for several years have seen an increase of three to five transactions per card in the first year of contactless rollout.
It is important for credit unions to educate members about the safety and security of contactless payments options in order to provide members with the opportunity to embrace this new method of payment that will continue to grow in popularity for years to come.
Dr. Arthur (Art) Harper is part of the EMV team at PSCU, the company that is certified and was the first to issue credit, debit and prepaid EMV cards in the credit union market. He has written several articles and educated credit unions across the country through internal and external webinars, EMV roadshows and one-on-one meetings. Art represents PSCU and the credit union industry on the U.S. Payments Alliance board.