There are several videos and articles doing the rounds on social media, trying to frighten consumers about the risks of using their cards to make contactless (“tap”) payments, writes Daneel Jordaan, head of consumer products for sub-Saharan Africa. In one example from last year, a viral video showed the assumed vulnerabilities of contactless payment technology. In the video, we see someone approaching a man with a point-of-sale (POS) device and with a simple tap, manages to withdraw funds from the victim’s contactless card.
In response, the South African Banking Risk Information Centre (SABRIC) had reassured South Africans that paying using contactless cards is as secure as traditional cards because they enjoy the same protection measures as chip and PIN payments, making them safer than cash. Contactless cards and devices are also embedded with multiple layers of security to protect you against fraud. Despite this reassurance, many South Africans remain uncertain around the use of contactless technology.
In the drive to encourage the next wave of electronic payments, here are a couple of typical questions and corresponding facts on contactless technology.
1) Can fraudsters steal money from my card with a wireless scan or tap it on a card machine behind my back?
Contactless is only effective when the reader and the card in question are pointing in the same direction. This means that a fraudster would need to be very close to you, and hold the device in exactly the right way to even attempt a successful payment.
Readers also cannot scan more than one card at the same time. Many of us carry more than one card and keep them all together in our purse or wallet. A card reader would not work in this case.
Any fraudster hoping to do quick multiple transactions would find the process not so easy, because every transaction would need them to enter an amount, print a charge slip and repeat the process with every tap. In fact, what was shown in the video in question has not happened anywhere in the world, except in simulated laboratory environments, which hardly resembles real life.
2) Are contactless transactions safe if I do not need to enter my PIN?
Although the technology that allows contactless transactions is safe, your bank uses your PIN number to verify that it is indeed you, the cardholder, who is making the transaction. However, contactless transactions provide a very convenient way to pay, especially for transactions where you previously might have chosen to pay with cash.
In South Africa, there is an agreed industry limit of R500 – below this you should not be required to enter a PIN, but above R500 you will be required to enter your PIN. However, some retailer or banks might elect to do it differently, so you may sometimes find that you need to enter a PIN for smaller transactions. What consumers need to know, is that they can tap safely for any amount, large or small, and they simply need to enter their PIN when prompted to do so by the POS device. But you have nothing to fear if you are not asked to enter your PIN.
3) How secure are payments made with my phone, smart watch or fitness tracker?
To make a Visa contactless payment with any device other than your card, for example your phone, smart watch or personal fitness tracker (provided this is supported by the device manufacturer), you will identify yourself with a fingerprint scan or a private passcode on the device to approve each transaction. Mobile or device wallet transactions also receive the same real-time monitoring and fraud detection as any other Visa transaction made with a chip or magnetic stripe card. And, using a technology we call “tokenization”, makes these transactions more secure by replacing the cardholder’s information with digital tokens. Ensuring your card number is not stored on the device, so there is no risk of your card number being compromised if you should lose your device.
4) Can fraudsters intercept transaction data while I make a contactless payment?
No – Visa cards use cutting edge cryptographic technology to protect your information. This makes your transaction unique and your card impossible to duplicate. During a contactless transaction, no critical information and data, including your name or the CVV code on the back of the card, is shared. In most cases, the contactless card or device does not even leave your hand (which is the best way to pay using a contactless card or device) so there is no way for a cashier in a store, or anybody else, to access the information on it.
5) What happens if I lose my card
Call your bank and block the card immediately. Your card cannot be used for any significant purchases without your pin. If you have enabled SMS alerts, you will know every time your card has been used
Despite these questions and misconceptions, several markets across the world have embraced this fast, simple and secure way of tapping to pay. Many markets reach a point where more than half of all card transactions are contactless, in just 18-24 months. In just five years, contactless payments grew from 7% to represent 94% of all point-of-sale (POS) transactions in Australia. Over the same period, card fraud at face-to-face retailers (i.e. excluding e-commerce) in the country, as a result of counterfeit cards or card skimming, declined from 23% in 2011, to 11% in 2016.
In the United Kingdom, contactless payments now represent over 59% of all POS transactions, and fraud losses on cards from decreased by 11% from 2016 to 2017 (measured over a six-month period from January to June).
As these statistics show, in countries where contactless payments are used widely, fraud at the point of sale has remained at historic lows, because criminals invariably move away from technologies like contactless, where the fraud cannot be replicated multiple times. Although fraud is a reality in South Africa, contactless payments are the future of fast, simple and secure payments at the point of sale.