A Blog by Jonathan Low

 

Nov 1, 2016

'Contactless' Credit Cards Are Taking On Mobile Wallets - And Raising Concerns

The ongoing battle to fight the digitization of everything is reaching new heights in finance, where fin tech and mobile pay are threatening to upset the old order.

So-called 'contactless' cards which permit purchases up to a certain amount without immediate verification play to the demand for ease, convenience and, in some cases, thoughtlessness. The attendant risks are a concern, as the following article explains, but they have not stopped consumers or those who serve them from continuing to push new means of spending more quickly. JL
 
Mark Scott reports in the New York Times:

Contactless cards can approve transactions up to certain dollar value (typically less than $50) with a simple swipe against a wireless payment reader built into a checkout machine.(They) are expected to rise to 330 million units, or 55 percent of all new (US) credit and debit cards by the end of the decade. Yet the expected growth has raised concerns that fraud levels — potentially equivalent to millions of dollars of illegal transactions — will also soar
For banks and retailers, there is a fine line between making people’s use of credit and debit cards as painless as possible and protecting individuals’ financial details from swindlers.
How that balance may eventually play out is already taking shape in Europe, where many of the region’s 500 million citizens now rely on so-called contactless cards. These are pieces of plastic that can approve transactions up to certain dollar value (typically less than $50) with a simple swipe against a wireless payment reader built into a checkout machine. The cards rely on so-called near field communication, or N.F.C., a wireless technology that has raised some safety concerns when people quickly pay for groceries, gas or other items.
In the United States, contactless cards have already been tried — unsuccessfully. The cards mostly failed to gain people’s interest several years ago because few stores accepted the largely untested, and potentially fraud-prone, older version of the technology.
Now contactless credit and debit cards are likely to make a comeback, driven by a continuing rollout of chip cards and new payment terminals across the United States, much of which includes contactless technology. The use of mobile wallets like Apple Pay and Samsung Pay, which wirelessly send transaction data from a smartphone to a payments reader, is also growing.
In total, annual shipments of contactless cards in the United States are expected to rise to 330 million units, or 55 percent of all new credit and debit cards, by the end of the decade, up from 25 million units last year, according to ABI Research, a technology research firm. In Europe, yearly shipments of contactless cards are projected to reach 420 million, or 75 percent of all new cards, by 2020, up from 205 million last year.
“The U.S. hasn’t really started rolling out contactless cards, while Europe is already pretty mature,” said Phil Sealy, a senior analyst at ABI. “Educating the public on how to use contactless credit and debit cards will be vital.”
Part of the education will include safety. The new contactless technology faces some security and fraud threats, even though it is significantly more secure than the decades-old magnetic strip in current credit cards in the United States.
In Britain, where people have arguably embraced contactless cards to a greater extent than individuals in other countries, researchers have routinely been able to copy the financial details of some cards, including the 16-digit card number and expiration date, by merely passing their own N.F.C. reader close to a person’s wallet. Add a low-cost camera that has been installed, say, at a retailer’s checkout machine, and crooks may also be able to obtain a person’s so-called CVV security code (located on the back of a credit or debit card), giving them more information to enable fraudulent purchases.
“Contactless is great for usability, but it introduces security flaws that need to be fixed,” said Martin Emms, a research associate at Newcastle University in England, who has studied potential problems with the technology. “If someone bumps up behind you on the subway, they are close enough to skim the details of your contactless cards.”
The extent of the security threat these cards pose is still unclear. Banks and retailers say the technology is less fraud-friendly than alternatives like cash, and they are working on improvements to close any loopholes.
In Britain, where more than one billion contactless card transactions were processed last year, there was only $3.6 million of fraudulent activity in a total of $9.9 billion in contactless spending in 2015, according to the UK Cards Association, an industry group. That represents less than four cents for every $100 of transactions.
Yet the expected growth of contactless cards, particularly in the United States, has raised concerns that fraud levels — potentially equivalent to millions of dollars of illegal transactions — will also soar as more people rely on the new technology.
So what can people do to minimize the security threats?
When paying with a contactless card, experts say, make sure the card stays within sight to avoid the details being collected by a third-party N.F.C. reader and to prevent having it swiped to pay for another person’s purchases. That is particularly true in restaurants, where the payment terminal is often stored far away from the seating area.
To avoid cards’ details being wirelessly grabbed on the commute to work, analysts also advise people to block N.F.C. signals from their wallet or purse (though this means they will have to remove their cards from their wallets or bags when making transactions). So-called N.F.C.-blocking wallets are readily available online (some cost more than $100), though a small piece of aluminum foil kept inside a purse or wallet will also do the job.
“That’s what I do, and it works just as well,” said Dr. Emms of Newcastle University. “Never put your wallet on a reader because whoever has access to it will be able to see the details of all your contactless cards.”

0 comments:

Post a Comment