Security Corner Blog

Tap. Pay. On Your Way.

USSFCU Visa^® Credit Cards Are Now Contactless! Enjoy fast, easy, and secure checkouts on everyday purchases. Plus, all the benefits that come with a USSFCU Visa credit card. Compare Our Cards >>

Contactless payments offer many benefits to shoppers and retailers alike, and they are even more secure than their physical counterparts. Here are four common myths surrounding contactless payment methods and some insight into the reality of how secure they really are.

Contactless cards can accidentally process a transaction while inside a wallet.

You can’t pay accidentally – your card or device must be within 2.5-5 cm of the terminal for the transaction to occur (and you won’t be billed twice, even if you accidentally tap twice). The close-range proximity is required in order for the contactless technology to respond to the POS terminal. Contactless payment methods use radio frequency to communicate. However, do not confuse that with RFID (radio-frequency identification) technology that also uses radio frequency but has a much longer proximity range of up to 5 feet.

Electronic Pickpocketing

One of the most common myths floating around about contactless commerce is that thieves can electronically “pickpocket” you to steal your contactless card or the mobile payment method. People think that someone standing near you in line with an NFC card reader can obtain your contactless payment information. 

It’s true, certain smartphone applications could read some data from a contactless card. However, these devices would only get your account number and expiration date. The NFC used to read the card must be done via a valid point-of-sale (POS) terminal from the retailer’s partner bank. The transaction must take place in an EMV secure setting, with a payment transaction. 

Even if a genius hacker were able to actually steal a POS terminal, the transaction would show up as a processed transaction, catching the culprit if he owned the terminal. If the terminal were stolen, the retailer would have reported it as stolen and blocked it. It’s much more likely that you’ll have a physical card stolen than it is to have your contactless payment electronically pickpocketed. 

If my contactless information is intercepted, a counterfeit card can be created and used in-store.

Each time a consumer uses a contactless card, a dynamic one-time-only code is generated to uniquely identify each individual transaction. The contactless card or device then provides the payments reader with that unique code, securing the transaction. It is extremely difficult for a fraudster to copy any of this advanced encryption technology to create a dynamic code and even more difficult to have the ability required to create a counterfeit version of a contactless card.

It's unlikly it'll be used for online transactions either. To complete an online transaction, a consumer must provide or have access to the card verification value (CVV2 or the three- or four-digit security code), cardholder name and billing address associated with the card – none of which are sent or shared during a contactless transaction. Since neither the card nor the device transmits this information when making a purchase, fraudsters typically will not have enough information for an online payment transaction to be authorized or authenticated.

If my card data is stolen, my identity can be stolen, too.

Contactless cards and devices do not transmit information about the cardholder that would allow a thief to steal someone’s identity from a contactless transaction. In order to steal someone’s identity, the fraudster would need a name, address and other personal information that is not shared when conducting a contactless transaction. There is very little risk of identity theft associated with contactless transactions.

This material was sourced from articles originally posted by CUinsight and Retail Control Systems. It is for informational purposes only.