Contactless cards: 5 security myths debunked

Contactless payments are becoming more prevalent in the UK, with a previous study by Merchant Machine revealing cash usage in the UK is on the decline and is forecasted to hit 0% in just five years– as soon as 2026. Regardless of the fact that this technology is available, customers aren’t fully aware about how safe this means of payment is, with some individuals being concerned about the security due to contactless payment information being transmitted wirelessly.

A number of myths have built up around contactless payments, which the experts at Merchant Machine have taken it upon themselves to debunk.

Myth 1: If a criminal approaches you with a terminal, they may steal your contactless card electronically and use it to complete a fraudulent purchase.

To obtain a terminal for the purpose of starting a company, you must visit a terminal provider. This means that they know everyone who owns a terminal in the country. Due to contactless payments being electronic, they can be tracked. The terminal, card owner and payment can all be identified.

Thieves can only get your account number and expiration date using these devices, meaning they would not be able to complete a transaction. If the thief has used a registered terminal, the transaction would also appear as processed, allowing the terminal provider to identify the thief.

Myth 2: Thieves can duplicate contactless cards

Some people are concerned that if your contactless information is intercepted, a thief will be able to make a replica card. This is incorrect. During card transactions, the scanner receives a one-time code from the card/device that validates the payment. This is an unique number that would be impossible to duplicate. One-time codes are generated using sophisticated encryption technologies stopping thieves from being able to duplicate any cards.

Myth 3: I could accidentally pay another customer’s bill or make several consecutive payments

Payment terminals are designed to prevent payments for the same transaction from being made again, reducing the chance of being charged twice. If a terminal detects several cards, it may ask for only one to be presented, or the transaction may be cancelled to avoid double billing. Fears of paying another customer’s bill accidently are unnecessary, as the card must be placed within a very short distance (one to two inches) of the payment terminal to be read.

Myth 4: Even if a thief cannot counterfeit your card, they can make purchases online or by phone

Contactless is nothing more than a feature to enable communication between a card/device and a terminal. It is technology that is only relevant in the physical world. Just like a regular card, a contactless card does not know your name, billing address, or even the 3-digit CVC code at the back of your card. Since these data cannot be transmitted, there is no risk someone gets access to it through contactless communication.

Myth 5: Apple pay or Google wallet contactless payment is not secure.

When contactless payments first made their debut on smartphones, concerns were raised about the security of card details being stored on, and transmitted from, a smartphone. In the case of ApplePay, for example, card details are only transmitted when the phone detects a Chip & PIN machine that is requesting payment and  requires either a passcode, retina scan or thumbprint to complete the transaction, along with the 16-digit card number transmitted is semi-randomized per transaction. These features give contactless payments via a phone another level of security.

Ian Wright, Founder of Merchant Machine comments:

“The way we make payments has been evolving over the last decade, but amidst the COVID-19 situation, cash usage has decreased even further as more people stay at home due to government measures, and there was/is still a fear of coming into contact with the virus itself.’’

Contactless payments are becoming more prevalent in the UK, with a previous study by Merchant Machine revealing cash usage in the UK is on the decline and is forecasted to hit 0% in just five years– as soon as 2026. Regardless of the fact that this technology is available, customers aren’t fully aware about how safe this means of payment is, with some individuals being concerned about the security due to contactless payment information being transmitted wirelessly.

A number of myths have built up around contactless payments, which the experts at Merchant Machine have taken it upon themselves to debunk.

Myth 1: If a criminal approaches you with a terminal, they may steal your contactless card electronically and use it to complete a fraudulent purchase.

To obtain a terminal for the purpose of starting a company, you must visit a terminal provider. This means that they know everyone who owns a terminal in the country. Due to contactless payments being electronic, they can be tracked. The terminal, card owner and payment can all be identified.

Thieves can only get your account number and expiration date using these devices, meaning they would not be able to complete a transaction. If the thief has used a registered terminal, the transaction would also appear as processed, allowing the terminal provider to identify the thief.

Myth 2: Thieves can duplicate contactless cards

Some people are concerned that if your contactless information is intercepted, a thief will be able to make a replica card. This is incorrect. During card transactions, the scanner receives a one-time code from the card/device that validates the payment. This is an unique number that would be impossible to duplicate. One-time codes are generated using sophisticated encryption technologies stopping thieves from being able to duplicate any cards.

Myth 3: I could accidentally pay another customer’s bill or make several consecutive payments

Payment terminals are designed to prevent payments for the same transaction from being made again, reducing the chance of being charged twice. If a terminal detects several cards, it may ask for only one to be presented, or the transaction may be cancelled to avoid double billing. Fears of paying another customer’s bill accidently are unnecessary, as the card must be placed within a very short distance (one to two inches) of the payment terminal to be read.

Myth 4: Even if a thief cannot counterfeit your card, they can make purchases online or by phone

Contactless is nothing more than a feature to enable communication between a card/device and a terminal. It is technology that is only relevant in the physical world. Just like a regular card, a contactless card does not know your name, billing address, or even the 3-digit CVC code at the back of your card. Since these data cannot be transmitted, there is no risk someone gets access to it through contactless communication.

Myth 5: Apple pay or Google wallet contactless payment is not secure.

When contactless payments first made their debut on smartphones, concerns were raised about the security of card details being stored on, and transmitted from, a smartphone. In the case of ApplePay, for example, card details are only transmitted when the phone detects a Chip & PIN machine that is requesting payment and  requires either a passcode, retina scan or thumbprint to complete the transaction, along with the 16-digit card number transmitted is semi-randomized per transaction. These features give contactless payments via a phone another level of security.

Ian Wright, Founder of Merchant Machine comments:

“The way we make payments has been evolving over the last decade, but amidst the COVID-19 situation, cash usage has decreased even further as more people stay at home due to government measures, and there was/is still a fear of coming into contact with the virus itself.’’