What Is Contactless Payment and How Does It Work?
You have probably heard of contactless payment cards. Some of you might even have them in their wallets. But why do we have them? To find out, we must take a closer look and see how they came to be, how they work, and what sort of risks they pose.
Table of Contents
Old technology and security problems
We all know the traditional banking cards with the magnetic stripe. To pay with them, a customer swipes the card through the point-of-sale (POS) terminal, signs a form, and they're on your way.
What you don't see is that when the magnetic stripe runs through the terminal, credit card data is transferred from the card through the merchant's systems and on to the bank. This data is vulnerable. It can be intercepted by a skimming device, and it can also be stolen by malware installed on the system handling the data.
This, by the way, is what happened in late 2013, when credit card details belonging to millions of Target customers were stolen from the retailer's POS systems. This, along with a line of similar breaches proved to be something of a turning point when it comes to banking cards in the US, and shortly after that, many retailers, banks, and financial institution pledged to start using a piece of technology that was more or less the norm on the other side of the Atlantic.
Chip & PIN cards
Although they had been around in Europe for years, chip and PIN cards weren't particularly popular in the US prior to the Target incident. They have a number of advantages over the ancient magnetic stripes. The most obvious is, of course, the fact that to process a payment with them, you need to provide a four-digit PIN (or Personal Identification Number) instead of a signature. As we've mentioned before, this is one of the simplest forms of two-factor authentication, and although you could argue that a four-digit PIN code will never be strong enough, trying to guess the combination is harder than just scribbling something that may or may not look like a signature. Chip and PIN cards are superior in one other aspect.
As the name suggests, chip and PIN cards come with electronic chips which are also known as EMV chips (coming from Europay, Mastercard, Visa, the three institutions that first adopted and developed the technology). When it comes into contact with the reader in the POS device or ATM, the chip embedded in your banking card uses a cryptographic algorithm to produce a special code that is unique to every single card and, crucially, every single transaction. Even if hackers steal the code, they can't use it for withdrawing money or processing payments.
Contactless payment: the evolution and the risks?
Thanks to contactless payment technology, we're no longer confined to a three-by-two-inch piece of plastic. You can now use your smartphone, a smartwatch, a key fob or even a sticker. Indeed, you can also use your credit card as well, with the difference that you won't need to physically insert it into a slot on the POS terminal.
Different cards and devices use different protocols to communicate with terminals, but the crucial bit is, EMV technology decides whether or not a transaction will go through meaning that they are in a sense, a more convenient version of the chip and PIN card.
To make shopping even quicker, contactless cards can also work without a PIN code, though most banks impose restrictions on the number and size of transactions that can go through without additional authentication. The limits help combat fraud, but the fact that payments can go through without a PIN means that you should act quickly if you find out that your contactless card is missing.
The real risk with contactless cards is something called backward compatibility. Many retailers still rely on POS terminals that read magnetic stripes, and they don't support EMV or contactless technology. To make sure that users are not inconvenienced by this, even brand new credit and debit cards come equipped not only with a chip and contactless communication but also with a magnetic stripe on the back. This stripe still hosts information that can be intercepted, stolen, and abused.
You mustn't also forget that a contactless credit card is still a credit card. And this means that the information printed on it is enough to process an online purchase.
Contactless devices and cards show that the act of paying for something without handing over any banknotes or coins has come a long way. Unfortunately, while we have seen a few massive steps up when it comes to security, things are still not perfect. If you are aware of the risks, however, and if you know how to keep yourself safe, you can enjoy the extra convenience.
