Should we worry about contactless fraud?

Every new payment type brings its own positives, negatives and, somewhere in between, the odd scare story that needs to be properly thought about.

Contactless payments are booming because they are quick, convenient and, so we think, pretty secure. But are they as safe as we’ve been led to believe?

A recent viral Facebook post by a commuter got consumers worried.

Paul Jarvis spotted a man using a mobile point-of-sale terminal to wirelessly steal from other travellers.

He posted a picture and said:

“So this guy was spotted wandering round with a Point of Sale (POS) device. All he has to do is key in a price less than £30 and then touch the device on the pocket that contains your wallet.

“Ching! You’ve just been charged automatically on your touch pay enabled credit/debit card…. We just tried this in my local pub with their POS device and it worked…

“(I’ve actually shown people this using the NFC function on my mobile to read their card data through their wallet to freak them out but this is the first time I’ve seen someone doing it for real). Time to invest in a screened wallet I guess…”

Some card readers can scan through wallets, but what’s interesting is that the thief needs a merchant account of some description. Good fraud detection would pinpoint the point-of-compromise pretty quickly and shut them down.

There are clearly concerns about contactless. Research from UK consumer group Which? suggests that carrying out contactless fraud is all too easy, although this focused on skimming cards to use for cardholder-not-present transactions. Police in Australia, where contactless is also booming, have voiced concerns, too.

Three things spring to mind.

First, we know contactless card fraud is very low, despite what some people may say. Figures from the UK Cards Association show that fraud on contactless cards totals 2p in every £100, versus nearly 7p in every £100 for card payments in general. Contactless cards use the same secure encryption technology as EMV cards, and because limits are set relatively low, criminals need a high volume of transactions to make it work.

Two, scare stories like this only serve to make people think more about their own security, which is a good thing. It could also help direct people to more secure contactless platforms – such as an Apple Pay type system, where authentication (via biometrics) is built into the transaction process. There are also moves towards biometric cards with an integrated fingerprint scanner on the card itself.

Three, and arguably most exciting of all, card controls could play an increasingly useful role. For example, cards are effectively ‘always on’. But if you’ve got a simple on/off button for your cards, for example through a simple mobile app linked to your account, you can stop them being used when you don’t want them to be.

There are many options. You could also set up a closed batch of merchants you trust for contactless – like your local newsagent, sandwich shop and chemist – and exclude any unknown merchants. Alternatively, rather like setting up a payee on your online banking, you could always require a PIN the first time you use the merchant but thereafter allow contactless.
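The three controls described above (an on/off switch, a closed list of trusted merchants, and a PIN on first use at a merchant) can be expressed as a single issuer-side authorisation check. This is an added example, not code from NCR or any card scheme; the class, field names, merchant IDs and the handling of the £30 limit are assumptions made for illustration.

```python
from dataclasses import dataclass, field

CONTACTLESS_LIMIT_PENCE = 3000  # assumption: the £30 ceiling mentioned in the quoted post


@dataclass
class CardControls:  # hypothetical per-card settings a cardholder sets in a banking app
    enabled: bool = True            # the on/off switch
    trusted_only: bool = False      # contactless restricted to a closed list of merchants
    trusted: set = field(default_factory=set)
    pin_first_use: bool = False     # PIN required the first time a merchant is used
    pin_seen: set = field(default_factory=set)  # merchants where a PIN was already verified


def authorise(c, merchant, pence, contactless, pin_ok=False):
    """Return (decision, reason); decision is APPROVE, REQUIRE_PIN or DECLINE."""
    if not c.enabled:
        return "DECLINE", "card switched off"
    if not contactless:
        if not pin_ok:
            return "DECLINE", "PIN missing or wrong"
        c.pin_seen.add(merchant)    # this merchant now counts as known for pin_first_use
        return "APPROVE", "chip and PIN"
    if pence > CONTACTLESS_LIMIT_PENCE:
        return "REQUIRE_PIN", "over contactless limit"
    if c.trusted_only and merchant not in c.trusted:
        return "DECLINE", "merchant not on trusted list"
    if c.pin_first_use and merchant not in c.pin_seen:
        return "REQUIRE_PIN", "first use at this merchant"
    return "APPROVE", "contactless"


def demo():
    """Constructed scenario: a tap from an unknown terminal against three control settings."""
    results = {}
    results["off"] = authorise(CardControls(enabled=False), "UNKNOWN-POS", 2500, True)
    closed = CardControls(trusted_only=True, trusted={"NEWSAGENT-01"})
    results["closed_unknown"] = authorise(closed, "UNKNOWN-POS", 2500, True)
    results["closed_known"] = authorise(closed, "NEWSAGENT-01", 450, True)
    first = CardControls(pin_first_use=True)
    results["first_tap"] = authorise(first, "SANDWICH-07", 600, True)
    authorise(first, "SANDWICH-07", 600, False, pin_ok=True)   # cardholder enters PIN once
    results["later_tap"] = authorise(first, "SANDWICH-07", 600, True)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```

With any of the three controls active, the under-limit tap from the unknown terminal is not approved on its own, while the cardholder's regular merchants keep working.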

Most countries go for a default contactless function – with all cards automatically enabled. Australia, however, has been looking at changing the law to require consumers to opt in to contactless.

Rather than taking this sort of action, giving consumers control over their cards and transactions would seem like a better move for banks. Fear exists around contactless; it makes sense to try and allay that as much as possible.

Finally – one of the new contactless functions that is growing in popularity is using a contactless card to initiate an ATM transaction – and it is important that any scare stories do not put consumers off. Contactless at the ATM will only be used to identify a card; consumers will always need to enter a PIN to authenticate themselves. In addition, because the consumer doesn’t have to put their card into the ATM, this also eradicates the risk of skimming.

Contactless is a huge trend in payments, and a combination of consumer education, security and fraud detection will mean that we do not have to compromise convenience for fraud losses.

Written by Dena Hamilton

Dena is NCR's Director of Enterprise Fraud & Security Software Solutions. She specializes in fraud, risk, compliance and security, with over 35 years of experience in the financial services space. Her focus is the development and deployment of enterprise financial crime solutions optimized in prevention, detection and back office efficiency.