Guide to Contactless Cards 1
Guide to Contactless Cards Since the introduction of credit cards to the UK over 50 years ago, they have been in a constant state of evolution, as card issuers and retailers have used improving technology to make products easier to use and more secure. One recent development you can't fail to have missed has been the introduction of contactless technology to credit cards. What are contactless credit cards? Contactless technology (also known as near-field communication, or NFC) enables fast and easy payment for goods and services under 30 without entering a PIN. There are many forms of contactless mobile payment applications in circulation, such as key fobs, watches, wristbands, mobile phones and tags. Currently, however, the most common form contactless payment is with a credit or debit card. How do contactless cards work? Contactless cards work using short-range wireless technology. Cards have built-in chips and a small embedded radio frequency antenna in the plastic. When used at a contactless reader, the contactless chip securely transmits purchase information to and from the reader. Contactless payment simply requires the card to be held to the contactless card reader. The card reader identifies the card and processes the payment, and a beep notifies the card holder that the payment has been cleared. The history of contactless cards Contactless cards have been available in the UK since 2007, but take-up was initially very slow, partly due to security concerns and partly due to a catch-22 situation between banks and retailers alike. Banks were reluctant to offer the cards as few businesses offered customers the facility to use them. Retailers were reluctant to invest in contactless card readers because so few customers had contactless cards. This stumbling block has now largely been broken, as a number of larger retailers 2
(including Pret-A-Manger, Boots, Tesco, McDonalds, Starbucks and M&S) switched to contactless card readers. At around the same time Visa (together with Barclaycard) ran a number of high-profile advertising campaigns, including the popular 'waterslide' campaign from 2008 [Bartle Bogle Hegarty] to increase consumer awareness (click here to view the advert on Youtube). Furthermore, adoption of contactless payments by Transport for London (TfL) in September 2014, which was originally planned to be ready for the London Olympics in 2013, has seen the number of users soar. The initial rollout of contactless in the UK was not without its problems. Some customers were reportedly charged twice for a single purchase, and in some instances, the wrong card was debited when users tapped a purse or wallet containing multiple contactless cards (including TFL Oyster Cards) against a reader. However, these issues were mainly due to cashier training issues and a lack of customer awareness, rather than defects in the cards, the readers, or the system itself. Despite these teething problems, there are now over 90 million contactless cards in circulation across the UK. Where can I make contactless payments? All of the major UK-based payment processing businesses have a contactless payment system, and they all work in a similar way. American Express Discover MasterCard Visa ExpressPay Zip PayPass PayWave To make a contactless payment, you must have a contactless card, and the recipient of your payment must have a contactless card reader. If your credit or debit card and your retail outlet feature the symbols below, then you can make a contactless payment. Once you have been prompted to pay by the cashier, you hold your card 3
around 4cm from the card reader for 1 or 2 seconds. A small beep will notify you that the transaction has been successful. Are all the major banks adopting contactless payments? All major UK banks have now adopted contactless cards, although some are only sending them to customers when their existing cards expire. What are the benefits of using a contactless card? There are many advantages to paying 'contactlessly', including: Quicker payments for customers & merchants Reduced checkout queues Cards remain in sight and never need to leave the customer's hand to make a payment Risk of pin number compromise is reduced since it is not entered for smaller purchases Forgetful customers do not need to remember their PIN for smaller purchases How secure are contactless cards? As with all payment cards, contactless cards have a number of security features. In the same way as credit and debit cards, contactless technology platforms are based 4
on secure encryption technology (the same as chip and PIN), which supports both data protection and transaction security, with encryption technology. Perhaps more importantly, contactless cards offer customers the same level of fraud protection as traditional credit and debit cards. Also, because contactless cards have a payment limit of 30, and the customer is required to input their PIN after a number of transactions, the risk tends to outweigh the reward for criminals wanting to clone cards. Indeed, Visa has stated that due to its many security features, contactless technology is unattractive to fraudsters, and the levels of card fraud have plummeted in the last decade. While credit card fraudsters are not necessarily interested in small payments of less than 30, being able to read card details is undoubtedly a lucrative business, and there has been some concern regarding the technological developments in this area. Academics from Surrey University found that cards could be read using an inexpensive device up to a distance of between 20cm and 90cm. Banks responded by stating that the only information that can be read using such a device is the cardholder s name, the card number, and the expiry date, all of which can be read from the front of the card. However, given that some retail websites do not ask for the CCV/CVC number (on the back of the card), when making purchases, they could be of use to fraudsters. One solution to card skimming is to keep your contactless cards inside an RFIDblocking wallet. These wallets block radio waves from reaching your card, making it impossible for criminals to access card data. Whatever precautions one takes to combat the latest security threats, and indeed these are always evolving, it remains the case that, for as long as they are liable for fraudulent activity on contactless cards, banks will make every effort to increase card security. For more information about card security read our Guide to Credit Card Security 5