Contactless cards let you pay with a tap. Rather than swiping a stripe or dipping a chip into the card reader, you simply hold your card against the reader until it recognizes your information. Worldwide, approximately 370 million people are using contactless technology in over 111 countries, but some consumers are worried that in exchange for convenience, they are opening themselves to the risk of electronic pickpockets.
The short story is that the risk has been over-inflated, and these cards are safe, but here’s a look at the details.
How Contactless Technology Works
Developed by Mastercard, contactless pay relies on an embedded radio frequency identification (RFID) chip and a very small antenna. When you place your card against the reader, the RFID technology communicates with the card reader, sharing critical information in a fraction of a second. Contactless pay using apps such as Google, Samsung, or Apple Pay relies on the same RFID technology, but rather than being in a card, the technology is in a cell phone. On a very basic level, the technology is similar to how radio towers communicate with radios, but on a much smaller level in much closer proximity.
When consumers use contactless pay, the card reader doesn’t get their name, account number, three-digit security code, or similar details. Instead, the card sends a single-use code to the reader. Then, the card reader transmits that code to the bank to complete the transaction. Even if someone is able to intercept the message, they can’t get any useful information. The single-use code can never be used again. Additionally, Mastercard has fraud detection tools in place that identify unusual activity.
Here’s the concern many consumers have— if your card can transmit information without being in physical contact with the card reader, that means that someone may be able to get the information from the card without actually touching it. In fact, there are smartphone apps that allow someone to extract information from cards with RFID chips. Luckily, at this point, these apps can only get the account number and the expiration date. Generally, that is not enough information to make a purchase. Most merchants require consumers to verify their credit card with their name, zip code, or three-digit security code.
Without those additional details, the pickpocket probably won’t be able to use the account. Additionally, the radio waves aren’t strong enough to intercept them from across the room. To snag that information, the electronic pickpocket needs to get very close to their victims.
Risk of Identity Theft
Because electronic pickpockets can’t get any of the cardholder’s personal information, there is really no heightened risk of identity theft with these cards. If a thief wants to steal someone’s identity, they are usually better off digging through the victim’s old mail or stealing their wallet. Simply walking by and waving a malicious smartphone app at their pocket is not going to do the trick.
Zero Liability Policy
For most of its cards, Mastercard has a zero liability policy for fraudulent purchases made in stores, over the phone, online, with ATMs, or on mobiles. That’s great news for customers, but it can be challenging for financial institutions. By law, if your customers report fraudulent debit card transactions within two days, they can only be held liable for $50, and if they report the issue within 60 days, you can only hold them liable for up to $500.
However, Mastercard’s zero liability policy may supersede these limits, and if one of your customers faces fraud, you may be on the hook for the whole amount. To protect yourself, you need to educate your customers about the risk of fraud, and you need to ensure they understand the importance of reporting suspicious activity as soon as possible.
To reduce the chances that your customers become the victims of fraud, you need to educate them about the risks. But beyond that, you also need to steer them toward the safest, least fraud-prone payment methods, and in a lot of cases, that just might be contactless pay. According to Mastercard, the majority of fraud involving contactless pay cards happens when the thief steals the actual card. There is little to no legitimate risk of electronic pickpockets.
If you want to transition to contactless pay, let your customers know that many of the posts and videos online about electronic pickpockets are not rooted in reality. Unfortunately, a number of fear-based news stories have gone viral, creating unnecessary panic, and clickbait sites have re-posted these stories, increasing the worry and misinformation.
Offering contactless pay can help you to rise above the competition, while also making payments easier and faster for your customers. However, before you embrace this technology, you need to understand how Mastercard’s zero liability policy affect your financial institution. You should also take some time to educate your clients about the risks. For instance, let them know that they probably don’t need an RFID-blocking wallet, but they do need to take simple precautions such as not sharing their PIN or not leaving paperwork with their personal banking details in public places.
At SQN Banking Systems, we help our clients avoid fraud in all kinds of ways. To learn more about our products and services, contact us directly.