Contactless payments are popular but how secure are they?
Contactless payments have grown to become one of the favourite ways to pay in Ireland. If you live in or have recently visited Ireland, you may well be amongst the millions of people across the country who know how quick and easy it is to tap for your travel, morning coffee, lunchtime sandwich or after-work pint.
In fact, the Banking & Payments Federation Ireland (BPFI) released figures last year showing that Irish consumers made almost one million contactless payments per day in 2018, completing a total of 364 million contactless transactions worth more than €4.4 billion during 2018.1
Contactless has proved hugely popular, yet for as long as the technology has existed, investigations into its security have been undertaken – efforts that we wholeheartedly welcome, not least because they support our own commitment to evolve the technology and ensure it maintains the highest standards of security.
Keeping your money safe
Visa payments, including contactless, are protected by multiple layers of security that work together to prevent fraud. As part of this security, Visa requires banks to investigate unauthorised transactions reported by cardholders, and if fraud has been committed, refund the money thanks to Visa’s Zero Liability policy.2
In practice, this means that if you suspect you might be a victim of fraud – for instance, if you lose your card or see payments on your account that you don’t recognise – you are able to report this to your bank, block your card, and get your money back.
Low fraud rates
While the use of contactless cards has increased rapidly, contactless cards experience among the lowest fraud rates of any type of payment. We also know that in countries where contactless payments are used widely, fraud at the point of sale has remained at historic lows.
The truth about cloning/contactless skimming
One common concern around contactless relates to the possibility of fraudsters using mobile payment terminals to “skim” the details from your card. In reality, this is extremely unlikely.
Firstly, initiating a transaction while a card is in someone’s wallet is very difficult in practice – particularly since a fraudster would need to know precisely where you keep your card, and stand extremely close to you.
Secondly, any money that is taken from a card needs to go somewhere. Visa payments can only be processed by terminals that are registered and audited for security compliance. To obtain an authorised merchant account, a fraudster would need to take several steps that include registering with a bank or payment processor, providing their personal information, and meeting other Know Your Customer (KYC) requirements. Even if they did all of this, it would be possible to trace the stolen money back to the recipient.
Bypassing the contactless limit and “Man in the Middle” attacks
Since the introduction of contactless, industry experts have looked into how to commit fraud on contactless cards – including so-called “man in the middle” attacks, or those that bypass contactless payment limits.
Research tests may be reasonable to simulate, but these types of schemes have proved impractical for fraudsters to employ in the real world. In fact, we are not aware of any such fraud having been successfully committed.
In partnership with the wider industry, including financial institutions, IT and security experts, academics, and others, we constantly adapt, enhance, and evolve our payment solutions to identify and address new risks. When appropriate, we make changes in technology and infrastructure to mitigate risks.
As adoption of contactless payments by consumers continues to grow in Ireland and around the world, Visa is committed to delivering the best possible customer experiences supported by world-leading security.
2 Visa's Zero Liability Policy does not apply to Visa corporate or Visa purchasing card or account transactions. For specific restrictions, limitations and other details, please consult your card issuer.