Contactless payments: Are they safe?|
Consumers in the United States have been relatively slow to begin use of contactless payments in their everyday transactions. This is due in part to a general lack of knowledge many have about the payment system.
Transactions using contactless payments are based on the use of contactless cards or digital wallets. Contactless cards function the same way as standard payment cards but do not require a swipe or EMV chip read. Digital wallets store a person's card information in encrypted data on a device. In both cases, the card or mobile hardware transmits card data via radio frequency to a retailer point of sale when payment source and terminal are in very close proximity.
Many consumers are concerned about the security of the system. While there are some inherent risks associated with contactless payments, these transactions can be very secure if proper precautions are taken, especially from a retail standpoint.
Retailers can play significant role in safe contactless payments
"Transactions must be manually authenticated by the consumer before each payment."
The European Union Agency for Network and Information Security released a report highlighting some of the security challenges retailers face with contactless payments.
A malicious agent can infect a contactless POS terminal with malware, which transmits customer card data to the attacker through an internet connection. If a retailer has an unsecure network due to a lack of firewalls, outdated software or a different internet inefficiency, this can also be exploited by an online assailant to steal consumer information following a contactless payment.
Contactless payments have inherent security measures
Although there are risks present in contactless payment use, the system uses several security standards to protect consumer data.
According to the Secure Technology Alliance, each contactless transaction has its own unique transaction code generated by a special key within mobile devices. These keys are unique to individual devices and are never shared with vendors. Encryption also prevents anyone from using transaction data to make any payments following the original, which is an identical system to the EMV chip concept.
Transactions must be manually authenticated by the consumer before each sale and payments are confidential, meaning identifiable consumer information is absent within the details of the purchase. Consumers also keep full control over their mobile devices throughout the transaction, adding another layer of physical security.
The Secure Technology Alliance sees contactless payments as safe, but only so far as retailers are willing to ensure the safe transmittal of data across networks. Persistent software updates and efficient network security can have a significant impact on how well protected these transactions are. Vendors should do all they can to enhance their POS processing security so that the use of contactless payments can continue to grow.
To learn more about effective card processing software, get in touch with Cloud 9 today.