Contactless Payment FraudIs “Tapping” Your Card at Checkout the Safest Option?

Is Contactless Payment Fraud a Real Concern? Here’s What Merchants Need to Know.

Contactless payment adoption has been on the rise for years. It accelerated rapidly in the wake of covid-19, and it seems that customers have now gotten comfortable with “tapping” their card to pay.

Like most technology, however, new applications open the door to new threats. We have to consider the question: how has contactless adoption affected fraud concerns for merchants?

In this post, we’ll explore contactless payments, and examine some of the reasons why consumers are embracing the concept. We’ll consider potential risks posed by contactless card transactions, and ways in which merchants can proactively address the issue.

What are Contactless Payments?

Let’s start at the beginning and clarify what we are talking about when we say “contactless payments.”

Contactless payments are card-present purchases. In that regard, they’re like any transaction in which a buyer would need to dip or swipe a payment card, or hand it to the cashier to complete the sale. The difference is that contactless cards enable transactions using Near Field Communication technology.

NFC technology that uses radio waves to transmit data from the consumer’s card to the merchant’s terminal. NFC is a subset of Radio Frequency Identification (RFID). But, unlike other RFID-enabled technologies, which can work from more than 10 yards away, NFC cards must be within two inches in order to transmit data.

According to Juniper Research, global contactless card purchases are expected to exceed $10 trillion by 2027. Consumers are clearly on board with the service, which offers speed and convenience. Likewise, banks and merchants like the ability to provide faster, frictionless transactions and an enhanced customer experience.

Of course, with that much money at stake, you shouldn’t be surprised to learn that fraudsters are already working on ways to subvert the process.

What is Contactless Payment Fraud?

Contactless Payment Fraud

[noun]/kän ● takt ● ləs ● pā ● mənt ● frôd/

Contactless payment fraud refers to any attempt to make unauthorized purchases using information obtained by hijacking a near-field communication (NFC) -enabled transaction.

Contactless payment fraud can refer to any attempt to gain cardholder account information and use it for fraudulent transactions. This may be done either by capturing it during the data transfer, or covertly reading the NFC-enabled chip itself.

Cards with contactless payment capabilities still have the advantage of tokenization, making them significantly more secure than cards relying on magnetic stripes. Still, it’s a wireless transmission. That raises the question: can that transmission be hijacked? The answer depends on who you talk to.

No less an authority than the US Secret Service has warned about thieves who are breaking into gas pumps and hiding their own NFC devices inside. When the contactless card talks to the pump’s terminal, the info is also being snatched by the hacker’s device.

Then there are reports of crooks who walk through crowds carrying sophisticated RFID readers. The idea is to steal information from the cards that unsuspecting victims carry in their purses or wallets. However, the threat this poses is actually very minute.

RFID skimming requires high-end equipment. Thus, the real threat posed by this tactic is actually quite small.

Why Contactless Payments Are Still More Secure

To date, contactless payment fraud techniques have been fairly generic. Fraud can still happen through common methods like phishing and identity theft, or from lost or stolen payment cards. But EMV chips are microprocessors that, unlike magnetic stripes, don’t store exploitable customer data that fraudsters can steal. 

As we alluded to before, this is because of data tokenization; a process by which the system substitutes a unique, single-use code for the personal transaction data. Even if a hacker somehow managed to grab information in transmission, all they’d get is random code that can’t be linked back to the user’s personal information.

Plus, contactless cards offer all the same anti-fraud protections that other chip cards do. While it may be technically possible for a hacker to sneak away contactless card information and make unauthorized purchases, the risk for most customers is very small.

For the fraudster, it would involve a lot of work and risk for a comparatively small payoff. The truth is that there are easier ways and more profitable ways to commit fraud. 

The same security features that contactless payments offer consumers can also benefit merchants. Transactions are protected, and contactless payment providers are subject to especially high security standards, including PCI compliance. Strict adherence lowers the odds of human error at the point of sale, and makes card transactions more secure in general.

If there’s a downside to accepting contactless payments, it would be startup costs. Special terminals are necessary for reading the cards without insertion. For an organization with multiple checkout locations, replacing all readers might be cost-prohibitive.

What About Mobile Payments?

Contactless payments rely on NFC technology, but that doesn’t mean a physical card is always involved. In an increasing number of instances, consumers are turning to their phones to conduct transactions.

Mobile payment services like Apple Pay and Google Pay, and even some merchant-specific apps, all use NFC technology. This is how mobile payment apps transfer payment data from a smart device to a merchant’s NFC-enabled terminal. 

Once a customer sets up an account, their mobile device can be used much like a contactless credit card. For in-store purchases, the user can tap their device on any payment terminal equipped with an NFC reader.

Contactless Payments Won’t Prevent All Card-Present Fraud

The added security, convenience, and simplicity are good reasons to consider adopting contactless payments. Adding alternative payment methods doesn’t mean replacing traditional payment options. It’s simply expanding the ways customers can pay, providing a wider range of options to customers.

But, while the threats of contactless payment fraud may be overblown, risk mitigation should still be a consideration. This doesn’t really call for much in the way of specific practices, though; contactless payment fraud prevention involves many of the same tactics used in general fraud prevention.

AI-facilitated technologies can examine transactions based on the payment method, location, device fingerprint, and other digital identifiers. This can help identify cardholders, even without traditional authorization mechanisms like PIN codes. 

Learn more about fraud detection

Other best practices for accepting in-store card payments that you should adopt include:

Of course, there’s no singular solution to any problem in the payments space. That’s why it’s important to implement tools and strategies that prevent fraud and chargebacks any way you can, and challenge invalid disputes through representment.

When fraudulent activity leads to chargebacks, the experts at Chargebacks911® can help. With Cb911, you can develop an end-to-end management strategy to stem revenue loss and prevent future claims. Contact us today to learn more.