A Guide to Contactless Cards 1
Guide to Contactless Cards Ever since they were first introduced to the UK market over 50 years ago, credit cards have been in a constant state of evolution, as card issuers and retailers have used advances in technology to make product use easier and more secure. One such recent development has been the introduction of contactless technology to an increasing number of cards. Contactless Technology Contactless technology (also known as near-field communication, or NFC) enables fast and easy payment for goods and services under 20 without entering a PIN. There are many forms of contactless mobile payment applications in circulation, such as key fobs, watches, wristbands, mobile phones and tags. Currently, however, the most common form of such contactless payment in circulation is in the form of a credit or debit card. How does this technology work? Contactless cards work by using short range wireless technology. The cards have built-in chips and a tiny embedded radio frequency antenna in the plastic, so that when used at a contactless reader, it securely transmits purchase information to and from the reader. Making a contactless payment simply requires the card holder to hold their contactlessenabled card over the card reader, at a distance of around 4cm for around a second. A beep from the card reader will signify that the payment has been accepted. History of contactless technology Contactless cards have been available in the UK since 2007, but take-up was initially slow. This was partly due to security concerns and partly due to a catch-22 situation between the large banks and retailers alike. Banks were reluctant to offer the cards as few businesses offered customers the facility to use them. Retailers were reluctant to invest in contactless card readers because so few customers had contactless cards. 2
This stumbling block has now largely been broken, as a number of larger retailers (including Pret-A-Manger, Boots, Tesco, McDonalds, Starbucks and M&S) have switched to contactless card readers and Visa (together with Barclaycard) have run a number of high profile advertising campaigns, including the popular waterslide campaign from 2008 [Bartle Bogle Hegarty] designed to increase consumer awareness (click here to view the advert on Youtube). Furthermore, the adoption of contactless payments by Transport for London (TfL) in September 2014 has seen the number of users soar. With regard to card security, there were some problems with the adoption of contactless cards in the early days. Customers have reported being charged twice for a single purchase and in some instances the wrong card was debited when users tapped a purse or wallet containing multiple contactless cards (including TfL Oyster Cards) against a reader, but these issues were largely due to lack of staff training and customer awareness, rather than defects in the cards, the readers, or the system itself. There has also been concern amongst consumers that they will inadvertently be charged for someone else s transaction, simply by walking past the card reader with their contactless card in their hand, or in a purse, wallet or bag. However, given that cards must be placed within 4cm of a reader, for 1 or 2 seconds, this scenario is unlikely to happen. Despite these early problems there are currently over 38 million contactless cards in circulation across the UK. Where can I make contactless payments? The major payment processing businesses have their own contactless payment systems MasterCard Visa American Express Discover PayPass PayWave ExpressPay Zip but they work in the same way. To make a contactless payment, you must have a contactless card, and the recipient of your payment must have a contactless card reader. If your credit or debit card 3
If your credit or debit card and your retail outlet feature the symbols below, then you can make a contactless payment. Once you have been prompted to pay by the cashier, simply hold your card around 4cm from the card reader for 1 or 2 seconds. A small beep will notify you that the transaction has been successful. Are all the major banks adopting contactless payments? Whilst the major UK banks are indeed adopting contactless cards, some are only sending them to customers when their existing cards are due for renewal, which makes for relatively slow progress. For example, Lloyds, Halifax and Bank of Scotland have so far only issued a quarter of their customers with contactless cards, whilst TSB (who had to send out replacement cards to its customers following its split from Lloyds), has now given all its customers contactless-enabled cards. What are the benefits of using a contactless card? There are many benefits to paying 'contactlessly', including: Making it quicker for customers to pay Reducing checkout queues in shops Cards remain in sight and never need to leave the customer's hand to make a payment Risk of pin number compromise is reduced, as it is not typed in for smaller purchases Customers do not need to remember their PIN number for smaller purchases 4
How safe are contactless cards? As with all payment devices, contactless cards have a number of security features. In the same way as credit and debit cards, contactless technology platforms are based on secure encryption technology (the same as chip and PIN), which supports both data protection and transaction security, via the use of encryption technology. Also, contactless cards are covered by the banks in the same way as credit and debit cards in terms of fraud. Furthermore, because contactless cards have a payment limit of 20, and the customer is required to input their PIN after a number of transactions, the risk arguably outweighs the rewards for those wishing to clone the cards. Indeed, Visa has stated that due to its many security features, contactless technology is unattractive to fraudsters, and the levels of card fraud have plummeted in the last decade. Whilst it may be argued that credit card fraudsters are not interested in small payments of less than 20, being able to read card details is undoubtedly a lucrative business, and there have been some worrying technological developments in this area. For example, academics from Surrey University found that cards can be read using an inexpensive device up to a distance of between 20cm and 90cm. The banks have responded to this threat by stating that the only information that can be read with such a device is the cardholder s name, the card number, and the expiry date, all of which can be read from the front of the card anyway. However, a number of retail websites do not ask for the CCV number (on the back of the card), when making purchases, therefore they are indeed of economic use to fraudsters. One answer to this latest threat of card skimming is to keep all your contactless cards inside an RFID-blocking wallet which prevents unauthorised access to card data by blocking radio waves from accessing your card. Whatever precautions one takes to combat the latest security threats, and indeed these are constantly evolving, it remains the case that for as long as the banks are liable for any fraudulent activity on a contactless card, every effort will be taken by them to increase the security and keep your details secure. For more information about card security please read our Guide to Credit Card security 5