Contactless payments accelerated rapidly in the wake of the COVID-19 pandemic as consumers became more comfortable with “tapping” their card to pay or allowing merchants to store payment information for future use. Today, contactless methods are the preferred choice of payment in many countries, with the contactless market set to reach a global value of $6.25 trillion by 2028.
While there are benefits to these payment methods, there are also some inherent risks. What should you know about the benefits and risks of contactless payment options, and how can you protect yourself from becoming a victim of fraud when utilizing them?
Contactless Chip Payments
Contactless chip payments are card-present purchases. In that regard, they’re like any transaction in which a buyer needs to insert or swipe a payment card to complete a sale. The difference is that contactless cards enable transactions using Near Field Communication (NFC) technology.
NFC technology uses radio waves to transmit data from the consumer’s card to the merchant’s terminal. NFC is a subset of Radio Frequency Identification (RFID), but unlike other RFID-enabled technologies which can work from more than 10 yards away, NFC cards must be within two inches in order to transmit data. Thus, a transaction can be made by simply tapping the card against the outside of the payment terminal.
Card-on-file Transactions
Technically, all a merchant really needs to process a card transaction is the account number. But if they want it to be properly authorized, they also need the expiration date, billing address and security code. These data points are known as payment credentials. Customers can give merchants permission to store their payment credentials for later use, and purchases charged to those stored payment credentials are called card-on-file transactions.
This is most common with gyms, streaming services, utilities and other recurring billing services that require regular payments. These card-on-file transactions are also often paired with loyalty programs where you earn reward points for making purchases.
Benefits
The main advantage of contactless chip payments is quicker transactions. Also, if you have an NFC-enabled smartphone, you can use that to make purchases even if you don’t have your wallet on hand.
The main advantage of a card-on-file transaction is that they’re convenient, frictionless and fast. You don’t need to get out your wallet, wait for the payment processing terminal, enter your PIN or sign anything. All you have to do is confirm your intent to authorize the purchase.
While consumers becoming more comfortable with these options isn’t necessarily a bad thing, the rapid growth of contactless forms of payment have attracted the attention of fraudsters who are always seeking out new methods to steal money.
Risks
Contactless payment fraud occurs when a criminal attempts to gain cardholder account information and use it for fraudulent transactions.
For contactless payments made with a chip card, this can be done either by capturing it during the data transfer or covertly reading the NFC-enabled chip itself. However, chip technology can protect you against fraudulent purchases through encryption and dynamic data technologies. When a chip card is used, the system substitutes a unique, single-use code for the personal transaction data. Even if a hacker somehow managed to grab information in transmission, all they’d get is random code that can’t be linked back to the user’s personal information.
Since chip cards can be used without a PIN, there is cause for concern if it is physically stolen. Thankfully, contactless cards offer all the same anti-fraud protections that other chip cards do, but it’s essential to review your monthly credit card and bank statements. To further protect yourself, check your bank and credit card transactions on a daily basis and immediately report any suspicious activity to your financial institution.
With card-on-file transactions and stored payment credentials, one major threat is if the vendor who is storing them becomes the victim of a data breach. When a company gets hacked, their customers’ payment credentials can easily end up in the wrong hands. Another major concern is fraudsters who try to access this data through various forms of social engineering, which is the art of manipulating an individual into voluntarily providing confidential information such as passwords, PINs or payment credentials. This is most commonly achieved when criminals pretend to work for your financial institution or an organization that has your payment credentials on file. They might send you a text or email notifying you of suspicious charges on your account, and then ask you to click on a link and enter personal information to confirm or deny the charges.
How to Protect Yourself and Your Data
While added security, convenience and simplicity are good reasons to consider adopting contactless payment methods, risk mitigation should still be a consideration. You can minimize the chances of becoming a victim of contactless fraud by following these steps:
- Don't keep your cards in easily accessible pockets or bags.
- Report any lost or stolen cards as quickly as possible.
- Don't let anyone take your card out of sight while taking a payment.
- Always ask for a receipt to make sure you were charged the correct amount.
- Regularly examine your credit report and account statements to confirm that all information is current and correct.
- Enroll in credit monitoring so you are notified any time there’s a credit check in your name.
- Set up alerts directly with your card issuer that notify you about any international transactions or charges above a specific dollar amount.
- Do not respond, click/open any links or download/open any attachments from someone claiming to be with Busey or another financial institution—especially if you did not initiate the request.
- Do not share your account credentials, password or PIN, or give anyone access to your device. Busey associates will not contact you and request this information.
If you believe you’ve been the victim of fraud on a Busey account, contact our Customer Care team, reach out to your Relationship Manager or visit your local Service Center to place a fraud alert on your account. You can also read our Fraud Prevention FAQs for more information.