Contactless Card Security: What it is and how it works

In light of the global pandemic, many businesses have taken a hands-off approach to their in-person payment systems. Contactless card transactions, which allow customers to make purchases without physically touching a POS terminal, are a safer alternative to methods that require someone to push, swipe, or otherwise interact with a payment system.  As of a 2020 poll, more than half of Americans use contactless payment methods. Customer buying habits predict that contact-free payments will become the standard in the near future.

Because contactless payments build customer confidence and trust, it can seem like a no-brainer to include them in your business. But just how secure are contactless payments? And what measures should you put in place to protect yourself and your customers from fraud?

When you use your contactless card, the EMV chip in your card sends a unique message to the POS system to communicate your payment information. This unique message or code changes with every purchase you make, concealing your sensitive personal information and adding a level of security above magnetic stripe purchases.

Learn more: Reduce labor and go contact-free

Similarly, when you use your mobile device to make a purchase, your device uses near-field communication (NFC) to send short-range data between your stored payment information and the POS system. Like EMV chips, these payments tend to be more secure because they involve sending encrypted codes rather than card numbers, making it difficult to make a fraudulent purchase or steal personal information.

Unlike payment systems that require direct contact with both the customer and their personal information, contactless credit cards allow customers to keep their distance, both physically and financially. Still, these payment methods aren’t exactly foolproof. Customers and merchants still have to do their part to prevent fraud and protect sensitive information. 

Contactless payments are one of the most secure ways to make a payment, but there are a few precautions that both merchants and customers can take to prevent fraud.

Customers can protect their contactless and mobile payments using a few methods. Keeping track of their physical payment card is one of the most important: if a customer loses their card or has it stolen, a thief may be able to make contactless payments, bypassing the need for a PIN or signature. Thankfully, many financial institutions have security measures in place to detect unusual transactions, including geolocation and past buying habits. Suspicious activity often results in the fraudulent transaction being declined – or the customer being prompted for a PIN or other identifying information.

Additionally, a customer can make sure to always keep their mobile device secured with a password, and not allow any unauthorized access to any mobile device (including laptops and smartwatches) that they may use to make payments. Of course, a customer should always report any unusual activity or lost cards to their bank immediately, which will prevent the further misuse of their card.

Merchants are also at risk of being affected by this kind of fraud. As contactless payments become more common, purchasing limits are increasing, allowing customers to make higher value purchases using their contact free payment method. This means that fraudsters could make more expensive purchases using stolen cards, which would greatly increase chargebacks and other consequences for businesses. This can become costly at a large scale, and with the threat of contactless fraud becoming more common, business owners must preempt this possible liability.

Learn more: What is credit card tumbling and how can I prevent it?

Contactless security for merchants may seem a bit less straightforward – if you’re a business owner you want to reap the benefits of contact-free payments, which may seem incompatible with security measures that require PIN numbers or other time-consuming identity verifiers.

Fortunately, businesses can avoid fraud by maintaining up-to-date, PCI compliant POS systems. The Payment Card Industry Data Security Standard or PCI is a set of guidelines that payment handlers must adhere to in order to legally process card payments. These guidelines are meant to promote the safety and security of each transaction, with rules set out to protect consumer data and prevent fraud. PCI complaint POS systems help detect fraud and protect your customers, which in turn protects your business from fraudulent transactions.

When your POS system receives data from a customer credit card, your PCI compliant terminal makes sure that customer data is kept encrypted and safe. It may also detect transactions that seem unusual and automatically decline a payment method until a second type of verification is presented at the terminal. Most importantly, it will handle legitimate contactless payments quickly and efficiently, keeping your customers moving and satisfied with the speed of your service. 

Although customers (and merchants) may have been skeptical at first, contactless card payments are quickly becoming the most common form of in-person payments overall. And because contactless card fraud occurs at less than half the rate of regular card fraud, it remains one of the safest ways you can make a transaction. There may be no surefire way to get rid of fraud altogether, but contact-free payments are definitely a step in the right direction for conscientious business owners looking to increase the speed and security of their payment system.