Contactless Technology and Security

read time: 2 min
08.06.16

With a mere tap of one’s card on a terminal, contactless credit and debit cards let us make payments of up to £30 without so much as a PIN. As of February this year, there were 84 million contactless cards in use in this country, and with widespread usage has come concern about security and fraud.

Encryption of personal information

Contactless tech relies on advanced data encryption to stave off illegal replication, and issuers’ systems automatically detect and reject attempts that involve the same transaction information more than once. Card readers conspire with the main processing network to prevent fraud: each transaction is identifiable by a secret key and an authentication code. No two cards or transactions share the same key or code, and this information is never transmitted. Card issuers will only authorise a transaction after using their own encryption systems to ensure that a contactless purchase has a valid code. As such, the information that is transmitted during a transaction has little to no use in supporting fraudulent transactions.

Proximity scanning

Concerns about criminals using portable card readers to tap payments from victims on the street aren’t based on evidence; there have been no reported incidents of this happening in the UK despite scaremongering emails making the rounds. Experts agree it would be almost impossible for a criminal to carry this out and get away with it.

Giles Mason, a media relations manager at the UK Cards Association, set the stage for TechRadar: ‘In order to be able receive any money from a card payment, a retailer account must be set up with an acquiring bank. All acquirers carry out thorough security checks before setting up an account, and monitor new accounts for any suspicious activity. Every card payment is fully traceable, right through to the recipient account, meaning if any fraud is reported the recipient is easily identifiable.’ While it is theoretically possible to use a registered terminal connected to a retail account, it would be easily traced.

Offline payments

Banks don’t automatically check all contactless payments, and even after stolen cards are cancelled, thieves can use them. Certain actions, such as using contactless to pass through London Underground barriers, are submitted as offline transactions and only checked by issuers after the fact.

Fortunately, providers offer full protection against losses from fraud on contactless cards. They will refund all money provided that the customer has acted reasonably to keep the card safe.

Fraud is rare

Contactless crime is exceptionally rare. In the first half of 2015, only 0.2 per cent of contactless transactions were associated with fraud. Given the level of encryption security, the due diligence on receiving accounts, and full refunds on illegitimate transactions, concerns about security seem almost completely unwarranted.

Sign up for legal insights

We produce a range of insights and publications to help keep our clients up-to-date with legal and sector developments.  

Sign up