While paying with a card is still the most common method, contactless payments are on the rise. Even prior to COVID-19, paying with mobile was starting to gain traction. With the obvious concern for limiting physical contact, contactless commerce has taken off, progressing faster than ever before.
Still, contactless commerce faces many myths, particularly regarding security. New consumers are often wary to adopt this newer technology. However, despite popular belief, contactless commerce is an incredibly safe, secure, and convenient way to pay.
Today, we’ll break down some of the top myths surrounding contactless commerce and mobile payments.
One of the most common myths floating around about contactless commerce is that thieves can electronically “pickpocket” you to steal your contactless card or the mobile payment method. People think that someone standing near you in line with an NFC card reader can obtain your contactless payment information.
It’s true, certain smartphone applications could read some data from a contactless card. However, these devices would only get your account number and expiration date. The NFC used to read the card must be done via a valid point-of-sale (POS) terminal from the retailer’s partner bank. The transaction must take place in an EMV secure setting, with a payment transaction.
Even if a genius hacker were able to actually steal a POS terminal, the transaction would show up as a processed transaction, catching the culprit if he owned the terminal. If the terminal were stolen, the retailer would have reported it as stolen and blocked it.
It’s much more likely that you’ll have a physical card stolen than it is to have your contactless payment electronically pickpocketed.
Duplicating Contactless Cards
Another myth about contactless commerce is that it’s possible to duplicate a contactless card. People are worried that if a thief did intercept your contactless information, they’d be able to create a duplicate card to use.
This myth is far from the truth. During contactless payments, the card/device provides the reader with a unique, one-time code that identifies the transaction. This number is dynamic, and would not be plausible to copy. It relies on advanced encryption technology to create one-time codes. Even if a thief did somehow obtain your contactless card information, they would not be able to duplicate it because of the one-time code feature.
Losses From a Stolen Card
We’ve already detailed how hard it is to steal a contactless payment card, but let’s say it did happen. One misconception is that the cardholder would have to pay for any fraudulent transactions, and thus would entail a larger loss than with a physical card. People believe the card could be used limitlessly, without the need for a PIN and the thief could get quite far before being caught.
This is not a concern you must have with contactless commerce. If you notice any fraudulent activity, you would report it, just like you would with a physical card. Additionally, you would not incur a huge financial loss. The policies for contactless commerce work similarly to most physical cards, in that the banks would reimburse you for the purchases you did not make. Keep in mind that a PIN is still required for larger transactions, further helping protect you from a large financial loss.
Connected Devices and Contactless Payments
The contactless card is hard to steal, but what if someone steals my device? Will they be able to hack my contactless payment account then?
Understandably, you may be concerned about your contactless commerce in the event that your device is stolen. It seems plausible that a thief could easily break into your contactless card if they have your device.
But, this is not how contactless commerce works. The connected devices, like your smartwatch, contain even less information than your contactless card. The card number is not directly visible, it’s concealed using the “token” system. Before completing any transaction, the enciphered card number must be decrypted by the card issuer. Another protection is that the first transaction of the day made via the smartwatch must use a PIN. if you take the watch off, the payment feature is disabled. That means, if you drop your watch, take it off for a moment, or have it stolen off of you, the payment feature would have been turned off and would require a PIN.
Contactless Payments and Identity Theft
Identity theft is a serious issue with major consequences, and it’s something we all want to avoid at all costs. One of the biggest myths about contactless commerce is that thieves can steal your entire identity from contactless payment cards.
It’s important to remember that identity theft is a lot different than payment card fraud. Identity theft is when your identity is assumed by another person for criminal purposes. Payment fraud is where your card information is compromised to make unauthorized purchases. Contactless cards do not share your identifying information like your name or address. You can also use protective card sleeves and wallets to help shield your information.
Think about when you use a physical card. You must place it in a card-reading terminal with direct contact. Contactless payments eliminate this step, further protecting your data. It’s actually safer to use a contactless card, and there’s less chance of identity theft with contactless payments.
Contactless Payment Security
Many myths and misconceptions about contactless payments are about its security. Those unfamiliar with the technology may falsely believe that contactless commerce poses a larger security risk than physical cards. The truth is that contactless security is excellent.
While older cards use magnetic strips, EMV cards use a smart microprocessor chip technology to safeguard your credentials and secure the communication with the POS terminal. The chips are incredibly difficult to clone, making EMV cards far less vulnerable to fraud.
Contactless commerce is a step above EMV cards, relying on Dynamic Data Authentication (DDA). The POS terminal actually prompts the card to generate a valid cryptographic code. Each code is unique to that transaction, and it validates that the card is genuine. The terminal then uses the second key to validate the code returned by the card.
Contactless payments are processed by the same networks as other transactions. The encryption and dynamic data technologies are more advanced and actually safer and more secure than physical cards.
When using a contactless card, there is a far slimmer chance that you’ll lose or forget it. The card never leaves your hand, so you cannot misplace it or accidentally set it down somewhere. Handheld devices that “skim” magnetic strip cards will not work with contactless commerce.
While contactless commerce is a relatively new technology, it is not one that consumers or retailers should fear. Contactless payments offer many benefits to shoppers and retailers alike, and they are even more secure than their physical counterparts.