Shopping, both offline and online, has never been easier. The latest in the financial tech sphere is contactless payments. Debit and credit cards, mobile devices, smart cards and wallets are among some of the most popular of available contactless options.
Some popular software-based mobile payment options that are contactless are Apple Pay, Google Pay, Samsung Pay and Fitbit Pay. All you need to do is tap and pay, as your payment details are already linked to the portal.
But how safe is this payment method?
This video posted on Facebook quickly went viral - it showcases the dangers of contactless cards. Read our guide to the dangers of using these in the UAE | https://t.co/gnP94efIWi | Credit: Mike Lee/Facebook pic.twitter.com/flkBxWCway— Gulf News (@gulf_news) July 29, 2018
In most countries including the UAE, the limit is the purchase amount, while there is usually no limit on the number of transactions.
This video is not sourced from the UAE but for the purpose of this guide, it shows how you are in danger of losing your hard-earned money. As long as the user keeps the purchase amount below the set limit, he or she could misuse a stolen card for unlimited purchases.
How do contactless cards work?
Contactless cards or payments works using either radio-frequency identification (RFID) or near-field communication (NFC) through embedded chips or antennas. Your card or device should ideally be 2cms to 4cms from the payment machine to enable the process.
How do I know if my card is contactless?
Look for the Contactless Indicator to know if your card can make contactless payments. A similar symbol on the merchant’s payment machine indicates the ability to process contactless purchases.
For Visa contactless cards in the UAE the limit is Dh300, according to their website. For MasterCard, no limits have been given in their website – however, individual banks may have set different limits. In this case, the small amounts could make it harder for a stolen card to be recognised and reported immediately from the bank's or merchant's side.
Is it all bad?
No. Contactless payments are quickly becoming the payment choice of the majority of offline and online shoppers across the world. It is easy to use and has secure transaction paths. The only issue is if someone devices a way to get near enough to the card with an activated payment portal, or if your card is stolen.
Card issuing banks also promise a no-liability clause for fraud through misuse - the customer is not held liable to pay for fradulent purchases.
What can you do to be protected?
There are card cases in the market that claim to protect your card from unauthorised purchases. These metal covers, according to user reviews, don’t allow any radio wave emission unless the card is physically taken out of the case.
Ask your bank
If you’re concerned about the safety of using your contactless card, contact the issuing bank and ask for your options. You could either opt out and add a setting which requires a PIN number for all transactions.
Hear from VISA
One of the two major issuers of credit and debit payment technology across the world, Visa released a statement to Gulf News in response to this story.
“Ensuring payment security is one of Visa’s highest priorities, and contactless payment cards are as secure as regular chip cards. Contactless cards have multiple layers of security including EMV chip technology, a low transaction limit, a short read range and unique encryption, making cards virtually impossible to counterfeit. In the case of Visa Contactless card, which has an ultra short read range of 4 cm, the POS device needs to be held very close to a consumer. It is very challenging for fraudsters to approach consumers so closely without being noticed. Importantly, this would clearly involve fraud collusion by an existing merchant. Mobile payments are further secured by biometric requirements.
Embedded chip with advanced cryptographic security, generates a unique code for each and every transaction, making it virtually impossible to clone a card. As a result, stolen payment card data is rendered almost useless at the point of sale. In a contactless (tap and go) transaction, information travels from the contactless card to the point of sale terminal without any contact, so there is a remote possibility that data can be intercepted. Should the data be stolen, committing fraud is highly unlikely without the additional information required to verify the purchase including the billing address, the 3-digit code printed on the back of the card or 3-D Secure password. In fact, there are no reports of this type of fraud taking place outside of vendor or reporter simulations.
Visa and financial institutions also monitor transactions in real time to identify suspicious or unusual transactions and prevent fraud. The use of SMS transaction alerts by financial institutions adds a further level of security to transactions.
Visa invests heavily in advanced fraud-fighting technologies and continues to develop and deploy new and innovative programs to mitigate fraud and protect cardholders. Visa’s efforts have helped keep fraud rates steady near historic lows, enabling accountholders to use Visa with confidence. In fact, with technological innovations and advances in risk management, fraud rates have declined by more than two-thirds in the past two decades.”
**This story has been updated with a statement from Visa