Contactless Payment FraudIs “Tapping” Your Card at Checkout the Safest Option?

November 13, 2023 | 9 min read

This image was created by artificial intelligence using the following prompts:

Cropped close up woman’s hand and arm putting a credit card to cloud Point of Sale system payment terminal, near cashier checkout, inside store. People purchasing concept, shot on dslr, contactless payment fraud, in the style of red and teal.

Contactless Payment Fraud

In a Nutshell

When it comes to checkout, merchants and customers both look for a secure, frictionless experience. Contactless payment options can deliver speed and convenience. But, are they secure? In this post, we look at how contactless cards work and any safety concerns for consumers or merchants.

Is Contactless Payment Fraud a Real Concern? Here’s What Merchants Need to Know.

Contactless payment adoption has been on the rise for years. It accelerated rapidly in the wake of covid-19, and it seems that customers have now gotten comfortable with “tapping” their card to pay.

Like most technology, however, new applications open the door to new threats. We have to consider the question: how has contactless adoption affected fraud concerns for merchants?

In this post, we’ll explore contactless payments, and examine some of the reasons why consumers are embracing the concept. We’ll consider potential risks posed by contactless card transactions, and ways in which merchants can proactively address the issue.

What are Contactless Payments?

Let’s start at the beginning and clarify what we are talking about when we say “contactless payments.”

Contactless payments are card-present purchases. In that regard, they’re like any transaction in which a buyer would need to dip or swipe a payment card, or hand it to the cashier to complete the sale. The difference is that contactless cards enable transactions using Near Field Communication technology.

NFC technology that uses radio waves to transmit data from the consumer’s card to the merchant’s terminal. NFC is a subset of Radio Frequency Identification (RFID). But, unlike other RFID-enabled technologies, which can work from more than 10 yards away, NFC cards must be within two inches in order to transmit data.

According to Juniper Research, global contactless card purchases are expected to exceed $10 trillion by 2027. Consumers are clearly on board with the service, which offers speed and convenience. Likewise, banks and merchants like the ability to provide faster, frictionless transactions and an enhanced customer experience.

Of course, with that much money at stake, you shouldn’t be surprised to learn that fraudsters are already working on ways to subvert the process.

Contactless Payment Fraud

What is Contactless Payment Fraud?

Contactless Payment Fraud

[noun]/kän ● takt ● ləs ● pā ● mənt ● frôd/

Contactless payment fraud refers to any attempt to make unauthorized purchases using information obtained by hijacking a near-field communication (NFC) -enabled transaction.

Contactless payment fraud can refer to any attempt to gain cardholder account information and use it for fraudulent transactions. This may be done either by capturing it during the data transfer, or covertly reading the NFC-enabled chip itself.

Cards with contactless payment capabilities still have the advantage of tokenization, making them significantly more secure than cards relying on magnetic stripes. Still, it’s a wireless transmission. That raises the question: can that transmission be hijacked? The answer depends on who you talk to.

No less an authority than the US Secret Service has warned about thieves who are breaking into gas pumps and hiding their own NFC devices inside. When the contactless card talks to the pump’s terminal, the info is also being snatched by the hacker’s device.

Then there are reports of crooks who walk through crowds carrying sophisticated RFID readers. The idea is to steal information from the cards that unsuspecting victims carry in their purses or wallets. However, the threat this poses is actually very minute.

RFID skimming requires high-end equipment. Thus, the real threat posed by this tactic is actually quite small.

Why Contactless Payments Are Still More Secure

To date, contactless payment fraud techniques have been fairly generic. Fraud can still happen through common methods like phishing and identity theft, or from lost or stolen payment cards. But EMV chips are microprocessors that, unlike magnetic stripes, don’t store exploitable customer data that fraudsters can steal. 

As we alluded to before, this is because of data tokenization; a process by which the system substitutes a unique, single-use code for the personal transaction data. Even if a hacker somehow managed to grab information in transmission, all they’d get is random code that can’t be linked back to the user’s personal information.

Plus, contactless cards offer all the same anti-fraud protections that other chip cards do. While it may be technically possible for a hacker to sneak away contactless card information and make unauthorized purchases, the risk for most customers is very small.

Every advance in anti-fraud technology is quickly followed by new fraud tricks. It’s a challenge to stay ahead of rising threats, but we can help.REQUEST A DEMO

For the fraudster, it would involve a lot of work and risk for a comparatively small payoff. The truth is that there are easier ways and more profitable ways to commit fraud. 

The same security features that contactless payments offer consumers can also benefit merchants. Transactions are protected, and contactless payment providers are subject to especially high security standards, including PCI compliance. Strict adherence lowers the odds of human error at the point of sale, and makes card transactions more secure in general.

If there’s a downside to accepting contactless payments, it would be startup costs. Special terminals are necessary for reading the cards without insertion. For an organization with multiple checkout locations, replacing all readers might be cost-prohibitive.

What About Mobile Payments?

Contactless payments rely on NFC technology, but that doesn’t mean a physical card is always involved. In an increasing number of instances, consumers are turning to their phones to conduct transactions.

Mobile payment services like Apple Pay and Google Pay, and even some merchant-specific apps, all use NFC technology. This is how mobile payment apps transfer payment data from a smart device to a merchant’s NFC-enabled terminal. 

Once a customer sets up an account, their mobile device can be used much like a contactless credit card. For in-store purchases, the user can tap their device on any payment terminal equipped with an NFC reader.

Contactless Payments Won’t Prevent All Card-Present Fraud

The added security, convenience, and simplicity are good reasons to consider adopting contactless payments. Adding alternative payment methods doesn’t mean replacing traditional payment options. It’s simply expanding the ways customers can pay, providing a wider range of options to customers.

But, while the threats of contactless payment fraud may be overblown, risk mitigation should still be a consideration. This doesn’t really call for much in the way of specific practices, though; contactless payment fraud prevention involves many of the same tactics used in general fraud prevention.

AI-facilitated technologies can examine transactions based on the payment method, location, device fingerprint, and other digital identifiers. This can help identify cardholders, even without traditional authorization mechanisms like PIN codes. 

Learn more about fraud detection

Other best practices for accepting in-store card payments that you should adopt include:

Educating Staff

Provide training that helps employees identify and prevent fraud. Give sales staff permission to validate IDs or decline suspicious transactions.

Promoting EMV Card Use

Contactless or not, EMV cards are simply more secure than magstripes. Make it a policy to swipe cards only when necessary, and even then with caution.

Confirming Transactions & Providing Receipts

Confirm that the customer knows the amount being charged to the card. Also, make sure they (and you) have a copy of the receipt in case any discrepancy arises later.

Declining Damaged Cards

Damaged cards are a red flag. Fraudsters want to maneuver you into swiping the card or manually entering the information. If “tapping” or “dipping” doesn’t work, ask for another form of payment.

Authenticating Users

The only authorized user of any credit or debit card is the person whose name is on the front of the card. Don’t be afraid to ask for ID as a form of additional identification.

Refusing to be Bullied

Some fraudsters cause a scene if you question their card. They want you to make you run a suspicious card, just to get rid of them. Don’t fall for it, though.

Of course, there’s no singular solution to any problem in the payments space. That’s why it’s important to implement tools and strategies that prevent fraud and chargebacks any way you can, and challenge invalid disputes through representment.

When fraudulent activity leads to chargebacks, the experts at Chargebacks911® can help. With Cb911, you can develop an end-to-end management strategy to stem revenue loss and prevent future claims. Contact us today to learn more.

FAQs

Can a contactless payment be fraud?

Yes, but not specifically because it is contactless. Any lost or stolen card can be used for fraud, regardless if it has contactless capabilities or not. Mobile payment apps may also be used for fraudulent purchases, assuming a thief can hack into the phone or other smart device.

Do banks refund contactless fraud?

Yes. Contactless card transactions are protected by Federal mandate, meaning banks and financial institutions must refund unauthorized payments. As long as they haven’t been negligent, cardholders are usually not liable for any unauthorized charges to their account. 

What are the risks of contactless payments?

Contactless cards may be subject to a type of card skimming and, to a lesser extent, data interception. The chances of this happening, however, are low. Nearly all contactless fraud comes from the card or smart device being lost or stolen.

What happens if someone else uses my contactless card?

As with unauthorized charges to any other cards, the bank will be liable, not you. If you suspect any unauthorized transactions, report them immediately to your card issuer. 

Like What You're Reading? Join our newsletter and stay up to date on the latest in payments and eCommerce trends.
Newsletter Signup
We’ll run the numbers; You’ll see the savings.
triangle shape background particle triangle shape background particle triangle shape background particle
Please share a few details and we'll connect with you!
Revenue Recovery icon
Over 18,000 companies recovered revenue with products from Chargebacks911
Close Form