How safe are contactless payments?

Business tips
Ryan Gibbons


Contactless payments, particularly in relation to their safety, have garnered a great deal of attention over the past few years. When the pandemic hit, buyers and sellers alike embraced them even more. 

Since this touchless way of exchanging funds shows no signs of fading into obscurity, it makes sense for you as a business owner to gain a better understanding of what they are, how they work in conjunction with a card reader, their pros and cons, how customer’s data is kept secure and whether they are a safe alternative to traditional payment methods.

What are contactless payments?

Also sometimes referred to as tap-to-pay or tap-and-go, a contactless payment can be defined as a secure payment method that uses a contactless card reader or other device to capture the customer details contained on a debit or credit card, smart card, wearable, or other device. 

The merchant’s system accomplishes this task through the use of radio frequency identification (RFID) and near frequency communication (NFC) technologies. 

These allow data to be transmitted from buyer to seller securely and at very close range, making it possible for money to be transferred efficiently and with minimal risk of interception by cyber criminals.

How contactless payments work.

Although a contactless payment is incredibly fast and safe, a great deal happens in a short span of time. Contactless cards use radio frequency identification (RFID) and near frequency technology (NFC). 

RFID utilizes tags and readers to passively identify the presence of objects such as a customer’s credit card through the use of radio waves. NFC is the short-range innovation that connects the buyer’s card or wearable with the seller’s credit card processing device.

The process begins when the merchant prompts the buyer to make their payment. The customer next positions their contactless card close to the seller’s payment terminal. The contactless payment information is then transmitted to the customer’s bank via microchip.

Next, the buyer’s bank examines the information, screening for fraud and ensuring that there are sufficient funds in the account. Based on these findings, the payment is either accepted or declined. 

In the case of an acceptance, the merchant’s POS system should display a green light, check mark, or noise to give the all-clear.

What are the benefits of contactless payments?

It is no accident that the contactless payment has been so widely embraced throughout the world. Merchants and customers love the fact that it is a touchless, fast, and safe way to resolve a bill.

That’s because a contactless payment can be made without the need to touch a merchant’s POS terminal, input a PIN, or to scan for biological data. 

When a business offers a contactless payment option, you as a consumer don’t need to swipe your card, scrounge around for cash or write a check. Instead, the contactless card reader simply connects to mobile wallets such as Google Pay and Apple Pay or your standard EMV chip credit or debit cards. 

Within just a few seconds, the contactless payment will be safely and successfully completed.

What are the negatives of contactless payments?

In spite of their wide acceptance, the contactless payment phenomenon does not come without its downsides. Most notably, this method brings with it some potential security concerns. 

This is the case because a contactless transaction does not require the use of a PIN or signature authorization. As a result, a lost or stolen contactless card can be used to make fraudulent purchases with relative ease.

Another security risk happens when hackers delve into the smart tags on a merchant’s NFC device, making it possible for customer data to be transferred to an unauthorized system. Fortunately, manufacturers have implemented security features that hamper hackers’ ability to intercept these details. 

Because the security landscape is constantly evolving, contactless payment technology systems are frequently updated and upgraded to protect all parties in the payment process at every step of the way.

Additionally, contactless payment restrictions often prevent customers from making big-ticket purchases using this technology. Moreover, if a buyer’s smartphone battery is low or dead, contactless commerce becomes impossible. 

Finally, there will always be a small but significant segment of the buyer population that simply does not trust this payment method or chooses for whatever other reason not to use it. Therefore, taking a contactless payment should never be your only means of completing a buyer's purchase.

Myths about contactless payments and safety.

As is the case with anything new, contactless payment technology is not fully understood by everyone. Bearing this in mind, it should come as no surprise that there are myths and misunderstandings associated with it.

Electronic pickpocketing.

Many people mistakenly believe that it is easy for an electronic thief to hijack customer payment data simply by standing close to them and using an NFC reader to swipe their payment details. 

In reality, the chances of this electronic pickpocketing happening are severely over-hyped. Even if a thief uses an app or device to pilfer data from a shopper, the worst that could happen is that they would have an account number, CVV, and expiration date. 

For an actual contactless payment to go through, the reading must be done by a POS that is connected to the retailer’s partner bank and must take place within an EMV secure setting.

Duplicating contactless cards.

Let’s say that a person’s contactless payment details are actually stolen in spite of the wide array of security measures that are available today. Should that occur, many fear that hackers can then create a counterfeit card that can be used to make touchless payments in the future.

In reality, consumers are protected by the contactless payment process. Each time they use their contactless card, a one-time-only code is generated that identifies that particular transaction. 

The device or contactless card reader then sends that code to the reader, providing an additional security layer to a process that is already very safe. It is quite difficult for a fraudster to copy these encrypted details to create a dynamic code. 

Better still, duplicating contactless cards is next to impossible for even the most sophisticated of fraudsters.

Fraudulent Transactions.

With incidences of identity theft on the rise, it stands to reason that customers want to avoid doing anything that might create a chink in their security armor. Consequently, many people fear that should a fraudulent contactless transaction occur, their private data can be stolen and used by criminals for the purposes of creating a fake identity.

In reality, neither a contactless card nor a contactless payment device transmits the necessary information that would allow a thief to steal a customer’s identity. 

This is because a person’s name, address, and other details are never exchanged during a contactless payment. Therefore, when you accept contactless payments, you are giving shoppers one of the most stable, thief-proof methods known today to transmit their funds into your business account.

Connected Devices.

Another misconception about contactless payments is that they are vulnerable to theft because of the connected devices associated with them, including smartphones, tablets, and watches. 

If one of these were to be stolen, the concern is that customers’ payment information would be available to criminals.

In fact, the design features that are built into the touchless payments ecosystem help to provide a robust security layer here as well. Very little actual information is stored on associated devices, with tokenization masking any usable card numbers and other details and making them impossible to intercept. 

A merchant can also configure their systems to require a password for their first transaction of the day. Additionally, remote features can be disabled as soon as a seller suspects that theft has occurred.

How secure are contactless payments really?

Just like any other business, any credit card company worth its salt wants to make money. By the same token, it will move heaven and earth to ensure that any and all risks that could jeopardize its profits or reputation are kept to an absolute minimum.

Contactless payments are endorsed by every one of the major credit card and digital wallet players. 

While all parties continue to be vigilant about the ever-evolving security landscape and are constantly updating and upgrading their digital fortresses, all are embracing contactless payments and the many benefits they offer to buyers and sellers alike.

When you build contactless payments into your business model, you can look forward to a more hygienic and safer payment experience for staff and customers alike. 

Numerous anti-fraud and other precautions keep the risk of hacking very low while maximizing payment choice and convenience. When any red flags or questions about an individual transaction arise, this is when you as a business owner can step in. 

The combination of automated procedures, thorough staff training and contingency planning in the event that potential breaches are suspected result in a strong security posture that will set your business up for success with investors, staff members, and customers.