Why Industry Collaboration Is Key to Advancing Contactless Payment Security

by Devin Partida, September 16th, 2023

Too Long; Didn't Read

Contactless payments use near-field communication (NFC) or radio frequency identification (RFID) to complete transactions. Tapping a card or phone on a terminal is much safer than swiping or using a chip reader. Industry-wide cooperation among card reader companies, credit card networks and issuers can make the practice safer.

The contactless payment industry has taken off in recent years, offering customers an easy, secure way to pay without holding up the line at the grocery store. Tapping a card or phone on a terminal is much safer than swiping or using a chip reader.


However, like any payment method, it’s still susceptible to tampering. Industry-wide cooperation among card reader companies, credit card networks, and issuers can make the practice safer.

How Do Contactless Payments Work?

Contactless payments use near-field communication (NFC) or radio frequency identification (RFID) to complete transactions. It’s the same technology behind unlocking a hotel door using a plastic room key.


Within a credit or debit card, tiny plastic wires function as antennas to transmit the radiofrequency signal between the card and the reader.


A card reader only picks up radiofrequency signals at a very short range, allowing you to hover or tap your card over the screen to pay. The reader requests more payment information — which is stored in the card’s shiny, metallic chip — when it detects a card in the area.


The chip contains static data, which includes a card’s account number and expiration date.


When you swipe your card or use a contactless payment app, the chip transmits static data along with a cryptogram — a unique numeric code issuers use to verify your device. The card reader sends this encrypted information to its servers.


Then, the servers transmit the data to companies like Visa or American Express that send it to the issuer.


Finally, the issuer approves the data and sends it back the way it came. All this happens in the amount of time it takes to read your card.
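A simplified model of the issuer-side check described above, added here as an illustration and not taken from the original article: it shows why static data alone is not enough to pass authorization when a per-transaction cryptogram is verified. HMAC-SHA256 stands in for the card scheme's real cryptography, and the names `cryptogram`, `Issuer`, the per-card secret key, the terminal nonce and the transaction counter are assumptions of this sketch.

```python
import hashlib
import hmac
import secrets

def cryptogram(key, pan, expiry, amount_cents, nonce, counter):
    """Card side: MAC over the static data plus per-transaction values."""
    fields = [pan, expiry, str(amount_cents), nonce.hex(), str(counter)]
    msg = "|".join(fields).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:16]

class Issuer:
    """Issuer side: holds each card's secret key and last accepted counter."""
    def __init__(self):
        self.keys = {}
        self.last_counter = {}

    def enroll(self, pan):
        # Model assumption: the key lives in the chip and is never transmitted.
        self.keys[pan] = secrets.token_bytes(32)
        self.last_counter[pan] = 0
        return self.keys[pan]

    def authorize(self, pan, expiry, amount_cents, nonce, counter, presented):
        key = self.keys.get(pan)
        if key is None:
            return "DECLINE: unknown account"
        expected = cryptogram(key, pan, expiry, amount_cents, nonce, counter)
        if not hmac.compare_digest(expected, presented):
            return "DECLINE: bad cryptogram"
        if counter <= self.last_counter[pan]:
            return "DECLINE: replayed counter"
        self.last_counter[pan] = counter
        return "APPROVE"

def demo():
    issuer = Issuer()
    pan, expiry = "4000000000000002", "12/29"   # constructed sample values
    card_key = issuer.enroll(pan)
    nonce1, nonce2 = bytes.fromhex("a1b2c3d4"), bytes.fromhex("0badf00d")
    tap = cryptogram(card_key, pan, expiry, 450, nonce1, 1)
    return {
        "genuine": issuer.authorize(pan, expiry, 450, nonce1, 1, tap),
        # Same message captured and sent again: the counter has not advanced.
        "replay": issuer.authorize(pan, expiry, 450, nonce1, 1, tap),
        # Clone built from skimmed static data: no key, so the old cryptogram
        # does not match a new amount, nonce and counter.
        "clone": issuer.authorize(pan, expiry, 9900, nonce2, 2, tap),
    }

if __name__ == "__main__":
    print(demo())
```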

The Rise of Touchless Payments

Contactless payments are growing in popularity. A 2020 poll found 79% of respondents worldwide were using the method, with the pandemic spurring many people to stop paying with cash. The trend appears to be here to stay — and merchants are trying to keep up.


According to a 2022 survey, 91% of shoppers said a good checkout experience influences their decision to buy from that merchant again, so many stores have begun offering touchless card readers and payment app options for the first time.


However, as contactless payments become more common, so do the methods used to exploit them.

Potential Security Issues

Although contactless payments are generally safe, they still carry certain risks. For example, since you don’t need a PIN, anyone who steals your credit card or phone can potentially use it to make payments. It’s also possible for a bad actor to hack into your phone without physically lifting it.


Because many of these purchases won’t come with a receipt, tracking them — and proving they’re fraudulent — can be tricky.


Another technique hackers use to steal data is card skimming. Thieves employ specialized devices that intercept your card’s RFID information when they’re standing nearby. Once they have the data from your card, they can replicate it and create a cloned card.


Thankfully, mobile wallets are virtually immune to these attacks since they use NFC to transmit data within an extremely close range of another device.


Downloading a mobile payment app potentially exposes your phone to man-in-the-middle attacks where hackers can access your data. Threat actors can collect information like your usernames, passwords, Social Security number, or bank account number.


Finally, there’s always the risk of a privacy breach. Contactless payment apps and cards collect a lot of data, and someone could potentially use that information to track you.

Collaborating to Fight Crime

Card reader companies, credit card networks, and issuers should work together to tackle these security issues. They can prevent contactless payment fraud by consistently adopting strong security controls, sharing threat information with each other, and creating more uniform guidelines across the sector.


Projects like the Secure Payments Task Force — which the Federal Reserve created in 2016 and wrapped up two years later — can go a long way toward advancing payment security.


Headed by payment industry experts, the Secure Payments Task Force worked across industry segments to identify ongoing challenges and potential solutions in data protection, payment identity management, and information sharing related to fraud.


As companies release new products and services, they should integrate them with existing tools and risk assessment frameworks for a seamless transition into the payment system.


The payment sector should also create frameworks to identify and secure sensitive data from different payment types to protect a diverse group of payment stakeholders.

Strengthening Security

Contactless payment is already one of the safest ways to complete a transaction. However, as it becomes more commonplace, hackers will get savvier, making it imperative to have strong safeguards in place.


By collaborating, companies across the payment industry can make contactless payment even more secure, affirming its status as one of the most hacker-proof ways to buy a latte.