Stakeholders Driving Payment Evolution and Digital Identity

Contactless Payment Card Security – An FAQ

Source: Canadian Bankers Association May 24, 2012

You may have noticed a new kind of payment card while waiting in line at a store, or you may already have a contactless payment card – now offered by Visa payWave™, MasterCard PayPass™ and Interac Flash™. These cards allow you to quickly pay for small purchases by waving your card in front of a contactless terminal. This article will answer some of the frequently asked questions (FAQ) about the security of contactless payment cards and provide tips on how to protect yourself from debit and credit card fraud.

How are contactless cards different from regular debit and credit cards?

In contactless cards, a small radio frequency antenna and microchip inside the card allow a transaction to be processed without having to enter a personal identification number (PIN) or sign a receipt. You pay for small purchases by waving your card in front of a merchant's contactless terminal.

Should I be concerned about security of contactless payment cards?

No. Contactless card transactions are processed through the same secure networks used for all other Visa, MasterCard and Interac transactions. Your card never leaves your hand and each transaction has a unique, encrypted code and changes every time the card is used.

There have been news reports recently about electronic pick-pocketing, where a criminal with a card reader and computer can read the information on contactless cards and commit fraud. It's important to know that contactless cards are embedded with multiple layers of security to protect you. For example,

  • Short range – Cards must be within a few centimeters of a reader for any data to be transmitted. The short range makes it difficult for criminals to gain access to card information from a distance and, even if they could, the card data cannot be used to create a counterfeit card and the encryption technology would make the stolen card information useless.
  • Encryption – Each transaction you make with your card creates a unique encryption code, which expires after the transaction is finished. If someone was able to get close enough to steal data from your card, they would not be able to use the encryption code because it would have expired.
  • Limited information – Your name is not transmitted during a contactless transaction. For Visa and MasterCard, the three-digit security code on the back of your card is also not transmitted.
  • Low transaction limits – Contactless cards generally have low transaction limits and any larger purchase will require you to enter your PIN. If you card is lost, this will prevent large purchases from being made.
  • Zero liability – Visa, MasterCard and Interac all have zero liability policies for credit and debit card holders. In cases of fraud, you won't be held responsible and will get your money back.

What are my responsibilities?

While contactless payment cards are very safe and there are multiple levels of protection in place to prevent fraud, there are steps you can take to further protect yourself. Here are a few tips to help prevent credit and debit card fraud:

Report a lost or stolen card as soon as you notice it's gone. Your card issuer will cancel your card and issue you a new one.
Choose a PIN that could not be easily detected if your card is lost or stolen - don't use your birth date or address
Make it a habit to regularly check your transactions online or on your monthly statement. If there are any charges that you didn't make, report them to your card issuer right away.
Never give out your card number over the phone or Internet unless you know you are dealing with a reputable company.
Protect your Personal PIN: don't share it with anyone or write it down, memorize it.
Sometimes scammers will try to trick people into revealing information about their credit cards either over the phone or through e-mail. It's important to know that your credit card company or bank would never call to ask for personal information like your credit card number, expiry number, PIN, or the security number on the back of your card.
Protect your credit card like you protect your cash. Never leave them unattended in your car or at work.
When travelling, carry your cards with you or make sure they are in a secure location such as a hotel safe.
Make a list of all your cards and their numbers and keep this is a secure place. This key information is helpful when reporting lost or stolen cards.

What if I think I am a victim of fraud?

If you have transactions on your credit or debit card that you didn't make or if you think that you may have revealed your credit card number when you shouldn't have, contact your bank or credit card issuer right away using the phone number on the back of your card. The card issuer will take the appropriate steps to protect you from fraud.

For more information about contactless payment cards check out the Visa, MasterCard and Interac websites:

Information about Visa PayWave: http://www.visa.ca/en/personal/visa-paywave/index.jsp
Information about MasterCard PayPass: http://www.mastercard.com/ca/personal/en/technologies/paypass/index.html
Information about Interac Flash: http://www.interac.ca/consumers/faqs.php#flash